4 matches found
WebKit: HTMLInputElement use-after-free (CVE-2017-2454)
There is a use-after-free security vulnerability related to how the HTMLInputElement is handled in WebKit. The vulnerability was confirmed on a nightly build of WebKit. The PoC also crashes Safari 10.0.2 on Mac. PoC: function eventhandler1 input.type = "foo"; function eventhandler2...
CVE-2017-2454
creationtimestamp| type| source ---|---|--- 2017-04-04 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/41807...
CVE-2017-2454
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and...
CVE-2017-2454
CVE-2017-2454 affects WebKit in Apple products (iOS 10.x, Safari 10.x, tvOS 10.x). A crafted web site could execute arbitrary code or cause memory corruption and a crash. Apple released fixes in iOS 10.3, tvOS 10.2, and Safari/macOS security updates (per HT207600/HT207617). Remediation: update to...