Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
appleAppleAPPLE:HT208223
HistoryNov 03, 2017 - 10:33 a.m.

About the security content of Safari 11.0.1 - Apple Support

2017-11-0310:33:33
support.apple.com
7

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON

About Apple security updates

For our customers’ protection, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.

For more information about security, see the Apple Product Security page. You can encrypt communications with Apple using the Apple Product Security PGP Key.

Apple security documents reference vulnerabilities by CVE-ID when possible.

Safari 11.0.1

Released October 31, 2017

Safari

Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13

Impact: Visiting a malicious website may lead to address bar spoofing

Description: An inconsistent user interface issue was addressed with improved state management.

CVE-2017-13790: Zhiyang Zeng (@Wester) of Tencent Security Platform Department

CVE-2017-13789: xisigr of Tencent’s Xuanwu Lab (tencent.com)

WebKit

Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2017-13783: Ivan Fratric of Google Project Zero

CVE-2017-13784: Ivan Fratric of Google Project Zero

CVE-2017-13785: Ivan Fratric of Google Project Zero

CVE-2017-13788: xisigr of Tencent’s Xuanwu Lab (tencent.com)

CVE-2017-13791: Ivan Fratric of Google Project Zero

CVE-2017-13792: Ivan Fratric of Google Project Zero

CVE-2017-13793: Hanul Choi working with Trend Micro’s Zero Day Initiative

CVE-2017-13794: Ivan Fratric of Google Project Zero

CVE-2017-13795: Ivan Fratric of Google Project Zero

CVE-2017-13796: Ivan Fratric of Google Project Zero

CVE-2017-13797: Ivan Fratric of Google Project Zero

CVE-2017-13798: Ivan Fratric of Google Project Zero

CVE-2017-13802: Ivan Fratric of Google Project Zero

CVE-2017-13803: chenqin (陈钦) of Ant-financial Light-Year Security

Entry updated November 2, 2017

Related

nessus 12
apple 9
openvas 10
kaspersky 2
gentoo 1
ubuntu 1
fedora 3
mageia 1
cve 16
prion 16
zdt 11
freebsd 1
debiancve 13
zdi 1
checkpoint_advisories 6
seebug 12
ubuntucve 14
packetstorm 10
suse 2
nessus
nessus
macOS : Apple Safari < 11.0.1 Multiple Vulnerabilities
2017-11-02 00:00:00
Apple iTunes < 12.7.1 WebKit Multiple Vulnerabilities (credentialed check)
2017-11-02 00:00:00
Ubuntu 16.04 LTS : WebKitGTK+ vulnerabilities (USN-3481-1)
2017-11-17 00:00:00
apple
apple
About the security content of Safari 11.0.1
2017-10-31 00:00:00
About the security content of iCloud for Windows 7.1
2017-10-31 00:00:00
About the security content of iCloud for Windows 7.1 - Apple Support
2017-11-02 11:20:27
openvas
openvas
Apple Safari Security Update (HT208223) - Mac OS X
2017-11-02 00:00:00
Ubuntu: Security Advisory (USN-3481-1)
2017-11-18 00:00:00
Apple iCloud Security Update (HT208225) - Windows
2017-11-02 00:00:00
kaspersky
kaspersky
KLA11276 Multiple vulnerabilities in Apple iTunes
2017-10-31 00:00:00
KLA11146 Multiple vulnerabilities in Apple Safari
2017-10-31 00:00:00
gentoo
gentoo
WebKitGTK+: Multiple vulnerabilities
2017-12-14 00:00:00
ubuntu
ubuntu
WebKitGTK+ vulnerabilities
2017-11-16 00:00:00
fedora
fedora
[SECURITY] Fedora 26 Update: webkitgtk4-2.18.3-1.fc26
2017-11-28 16:28:18
[SECURITY] Fedora 25 Update: webkitgtk4-2.18.3-1.fc25
2017-11-28 17:36:01
[SECURITY] Fedora 27 Update: webkitgtk4-2.18.3-1.fc27
2017-11-15 18:00:33
mageia
mageia
Updated webkit2 packages fix security vulnerabilities
2017-11-27 00:18:31
cve
cve
CVE-2017-13789
2017-11-13 03:29:00
CVE-2017-13803
2017-11-13 03:29:00
CVE-2017-13802
2017-11-13 03:29:00
prion
prion
Code injection
2017-11-13 03:29:00
Memory corruption
2017-11-13 03:29:00
Memory corruption
2017-11-13 03:29:00
zdt
zdt
WebKit - WebCore::PositionIterator::decrement Use-After-Free Exploit
2017-11-22 00:00:00
WebKit - WebCore::InputType::element Use-After-Free Exploit
2017-11-22 00:00:00
WebKit - WebCore::AXObjectCache::performDeferredCacheUpdate Use-After-Free Exploit
2017-11-22 00:00:00
freebsd
freebsd
webkit2-gtk3 -- multiple vulnerabilities
2017-10-18 00:00:00
debiancve
debiancve
CVE-2017-13788
2017-11-13 03:29:00
CVE-2017-13793
2017-11-13 03:29:00
CVE-2017-13795
2017-11-13 03:29:00
zdi
zdi
Apple Safari Node Use-After-Free Remote Code Execution Vulnerability
2017-11-20 00:00:00
checkpoint_advisories
checkpoint_advisories
Apple WebKit Use After Free Code Execution (CVE-2017-13792)
2017-11-29 00:00:00
Apple WebKit Use After Free Code Execution (CVE-2017-13795)
2017-12-19 00:00:00
Apple WebKit Use After Free Code Execution (CVE-2017-13791)
2017-11-28 00:00:00
seebug
seebug
WebKit: use-after-free in WebCore::InputType::element(CVE-2017-13792)
2017-11-23 00:00:00
WebKit: use-after-free in WebCore::RenderObject::previousSibling(CVE-2017-13798)
2017-11-23 00:00:00
WebKit: out-of-bounds read in WebCore::SimpleLineLayout::RunResolver::runForPoint(CVE-2017-13784)
2017-11-23 00:00:00
ubuntucve
ubuntucve
CVE-2017-13792
2017-11-12 00:00:00
CVE-2017-13793
2017-11-12 00:00:00
CVE-2017-13798
2017-11-12 00:00:00
packetstorm
packetstorm
WebKit WebCore::InputType::element Use-After-Free
2017-11-22 00:00:00
WebKit WebCore::RenderObject::previousSibling Use-After-Free
2017-11-25 00:00:00
WebKit WebCore::SVGPatternElement::collectPatternAttributes Out-Of-Bounds Read
2017-11-22 00:00:00
suse
suse
Security update for webkit2gtk3 (important)
2018-02-01 00:14:30
Security update for webkit2gtk3 (important)
2018-01-25 21:10:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON
Related for APPLE:HT208223
nessus12apple9openvas10kaspersky2gentoo1ubuntu1fedora3mageia1cve16prion16zdt11freebsd1debiancve13zdi1checkpoint_advisories6seebug12ubuntucve14packetstorm10suse2