Apple Safari Node Use-After-Free Remote Code Execution Vulnerability
2017-11-20T00:00:00
ID ZDI-17-920 Type zdi Reporter Hanul Choi Modified 2017-06-22T00:00:00
Description
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Node objects when creating HTML Markup. By performing actions in JavaScript, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process.
{"cvelist": ["CVE-2017-13793"], "id": "ZDI-17-920", "type": "zdi", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Node objects when creating HTML Markup. By performing actions in JavaScript, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process.", "lastseen": "2020-06-22T11:40:09", "reporter": "Hanul Choi", "href": "https://www.zerodayinitiative.com/advisories/ZDI-17-920/", "modified": "2017-06-22T00:00:00", "title": "Apple Safari Node Use-After-Free Remote Code Execution Vulnerability", "edition": 2, "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "bulletinFamily": "info", "viewCount": 1, "references": ["https://support.apple.com/en-us/HT208223"], "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2017-13793"]}, {"type": "gentoo", "idList": ["GLSA-201712-01"]}, {"type": "ubuntu", "idList": ["USN-3481-1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310811958", "OPENVAS:1361412562310811957", "OPENVAS:1361412562310843366", "OPENVAS:1361412562310811956"]}, {"type": "kaspersky", "idList": ["KLA11276"]}, {"type": "nessus", "idList": ["ITUNES_12_7_1.NASL", "GENTOO_GLSA-201712-01.NASL", "ITUNES_12_7_1_BANNER.NASL", "MACOSX_SAFARI11_1.NASL", "APPLETV_11_1.NASL", "UBUNTU_USN-3481-1.NASL"]}, {"type": "apple", "idList": ["APPLE:HT208225", "APPLE:HT208224", "APPLE:HT208222", "APPLE:HT208219", "APPLE:HT208223"]}], "modified": "2020-06-22T11:40:09", "rev": 2}, "score": {"value": 7.0, "vector": "NONE", "modified": "2020-06-22T11:40:09", "rev": 2}, "vulnersScore": 7.0}, "published": "2017-11-20T00:00:00", "scheme": null, "immutableFields": []}
{"cve": [{"lastseen": "2021-02-02T06:36:36", "description": "An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "edition": 13, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-13T03:29:00", "title": "CVE-2017-13793", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-13793"], "modified": "2019-03-22T19:14:00", "cpe": ["cpe:/a:apple:webkit:-"], "id": "CVE-2017-13793", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13793", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:apple:webkit:-:*:*:*:*:*:*:*"]}], "ubuntu": [{"lastseen": "2020-07-02T11:41:20", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13792", "CVE-2017-13796", "CVE-2017-13802", "CVE-2017-13788", "CVE-2017-13794", "CVE-2017-13791", "CVE-2017-13803", "CVE-2017-13793", "CVE-2017-13784", "CVE-2017-13783", "CVE-2017-13798", "CVE-2017-13795", "CVE-2017-13785"], "description": "A large number of security issues were discovered in the WebKitGTK+ Web and \nJavaScript engines. If a user were tricked into viewing a malicious \nwebsite, a remote attacker could exploit a variety of issues related to web \nbrowser security, including cross-site scripting attacks, denial of service \nattacks, and arbitrary code execution.", "edition": 5, "modified": "2017-11-16T00:00:00", "published": "2017-11-16T00:00:00", "id": "USN-3481-1", "href": "https://ubuntu.com/security/notices/USN-3481-1", "title": "WebKitGTK+ vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2017-12-14T21:36:19", "bulletinFamily": "unix", "cvelist": ["CVE-2017-13792", "CVE-2017-13796", "CVE-2017-13802", "CVE-2017-13788", "CVE-2017-13794", "CVE-2017-13791", "CVE-2017-13803", "CVE-2017-13793", "CVE-2017-13784", "CVE-2017-13783", "CVE-2017-13798", "CVE-2017-13795", "CVE-2017-13785"], "description": "### Background\n\nWebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. \n\n### Description\n\nMultiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details. \n\n### Impact\n\nBy enticing a victim to visit maliciously crafted web content, a remote attacker could execute arbitrary code or cause a denial of service condition. \n\n### Workaround\n\nThere are no known workarounds at this time.\n\n### Resolution\n\nAll WebKitGTK+ users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/webkit-gtk-2.18.3\"", "edition": 1, "modified": "2017-12-14T00:00:00", "published": "2017-12-14T00:00:00", "href": "https://security.gentoo.org/glsa/201712-01", "id": "GLSA-201712-01", "title": "WebKitGTK+: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2019-07-17T14:22:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13792", "CVE-2017-13796", "CVE-2017-13802", "CVE-2017-13788", "CVE-2017-13794", "CVE-2017-13791", "CVE-2017-13803", "CVE-2017-13793", "CVE-2017-13784", "CVE-2017-13783", "CVE-2017-13798", "CVE-2017-13795", "CVE-2017-13785"], "description": "This host is installed with Apple iCloud\n and is prone to multiple vulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2017-11-02T00:00:00", "id": "OPENVAS:1361412562310811958", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811958", "type": "openvas", "title": "Apple iCloud Security Updates( HT208225 )", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple iCloud Security Updates( HT208225 )\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:icloud\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811958\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2017-13784\", \"CVE-2017-13785\", \"CVE-2017-13783\", \"CVE-2017-13788\",\n\t\t\"CVE-2017-13795\", \"CVE-2017-13802\", \"CVE-2017-13792\", \"CVE-2017-13791\",\n\t\t\"CVE-2017-13798\", \"CVE-2017-13796\", \"CVE-2017-13793\", \"CVE-2017-13794\",\n\t\t\"CVE-2017-13803\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-11-02 17:19:58 +0530 (Thu, 02 Nov 2017)\");\n script_name(\"Apple iCloud Security Updates( HT208225 )\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple iCloud\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to multiple memory\n corruption issues.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attackers to perform arbitrary code execution.\");\n\n script_tag(name:\"affected\", value:\"Apple iCloud versions before 7.1\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple iCloud 7.1 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT208225\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_apple_icloud_detect_win.nasl\");\n script_mandatory_keys(\"apple/icloud/Win/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!icVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:icVer, test_version:\"7.1\"))\n{\n report = report_fixed_ver(installed_version:icVer, fixed_version:\"7.1\");\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13792", "CVE-2017-13796", "CVE-2017-13802", "CVE-2017-13788", "CVE-2017-13794", "CVE-2017-13791", "CVE-2017-13803", "CVE-2017-13793", "CVE-2017-13784", "CVE-2017-13783", "CVE-2017-13798", "CVE-2017-13795", "CVE-2017-13785"], "description": "This host is installed with Apple iTunes\n and is prone to multiple vulnerabilities.", "modified": "2019-05-17T00:00:00", "published": "2017-11-02T00:00:00", "id": "OPENVAS:1361412562310811957", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811957", "type": "openvas", "title": "Apple iTunes Security Updates( HT208224 )", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple iTunes Security Updates( HT208224 )\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:itunes\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811957\");\n script_version(\"2019-05-17T13:14:58+0000\");\n script_cve_id(\"CVE-2017-13784\", \"CVE-2017-13785\", \"CVE-2017-13783\", \"CVE-2017-13788\",\n\t\t\"CVE-2017-13795\", \"CVE-2017-13802\", \"CVE-2017-13792\", \"CVE-2017-13791\",\n\t\t\"CVE-2017-13798\", \"CVE-2017-13796\", \"CVE-2017-13793\", \"CVE-2017-13794\",\n\t\t\"CVE-2017-13803\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 13:14:58 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-11-02 17:19:55 +0530 (Thu, 02 Nov 2017)\");\n script_name(\"Apple iTunes Security Updates( HT208224 )\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple iTunes\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to multiple\n memory corruption issues.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these\n vulnerabilities will allow remote attackers to perform arbitrary code execution.\");\n\n script_tag(name:\"affected\", value:\"Apple iTunes versions before 12.7.1\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple iTunes 12.7.1 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT208224\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_itunes_detection_win_900123.nasl\");\n script_mandatory_keys(\"iTunes/Win/Installed\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!ituneVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:ituneVer, test_version:\"12.7.1\"))\n{\n report = report_fixed_ver(installed_version:ituneVer, fixed_version:\"12.7.1\");\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13792", "CVE-2017-13796", "CVE-2017-13802", "CVE-2017-13788", "CVE-2017-13794", "CVE-2017-13791", "CVE-2017-13803", "CVE-2017-13793", "CVE-2017-13784", "CVE-2017-13783", "CVE-2017-13798", "CVE-2017-13795", "CVE-2017-13785"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-11-18T00:00:00", "id": "OPENVAS:1361412562310843366", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843366", "type": "openvas", "title": "Ubuntu Update for webkit2gtk USN-3481-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3481_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for webkit2gtk USN-3481-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843366\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-18 07:33:19 +0100 (Sat, 18 Nov 2017)\");\n script_cve_id(\"CVE-2017-13783\", \"CVE-2017-13784\", \"CVE-2017-13785\", \"CVE-2017-13788\",\n \"CVE-2017-13791\", \"CVE-2017-13792\", \"CVE-2017-13793\", \"CVE-2017-13794\",\n \"CVE-2017-13795\", \"CVE-2017-13796\", \"CVE-2017-13798\", \"CVE-2017-13802\",\n \"CVE-2017-13803\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for webkit2gtk USN-3481-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkit2gtk'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"A large number of security issues were\n discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked\n into viewing a malicious website, a remote attacker could exploit a variety of\n issues related to web browser security, including cross-site scripting attacks,\n denial of service attacks, and arbitrary code execution.\");\n script_tag(name:\"affected\", value:\"webkit2gtk on Ubuntu 17.10,\n Ubuntu 17.04,\n Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3481-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3481-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(17\\.10|17\\.04|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-18:amd64\", ver:\"2.18.3-0ubuntu0.17.10.1\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-18:i386\", ver:\"2.18.3-0ubuntu0.17.10.1\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n\n if ((res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-37:amd64\", ver:\"2.18.3-0ubuntu0.17.10.1\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n\n if ((res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-37:i386\", ver:\"2.18.3-0ubuntu0.17.10.1\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-18:amd64\", ver:\"2.18.3-0ubuntu0.17.04.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-18:i386\", ver:\"2.18.3-0ubuntu0.17.04.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n\n if ((res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-37:amd64\", ver:\"2.18.3-0ubuntu0.17.04.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-37:i386\", ver:\"2.18.3-0ubuntu0.17.04.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-18:amd64\", ver:\"2.18.3-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-4.0-18:i386\", ver:\"2.18.3-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n\n if ((res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-37:amd64\", ver:\"2.18.3-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwebkit2gtk-4.0-37:i386\", ver:\"2.18.3-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-17T14:22:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13792", "CVE-2017-13796", "CVE-2017-13802", "CVE-2017-13790", "CVE-2017-13788", "CVE-2017-13794", "CVE-2017-13791", "CVE-2017-13803", "CVE-2017-13789", "CVE-2017-13793", "CVE-2017-13784", "CVE-2017-13783", "CVE-2017-13798", "CVE-2017-13795", "CVE-2017-13785"], "description": "This host is installed with Apple Safari\n and is prone to multiple vulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2017-11-02T00:00:00", "id": "OPENVAS:1361412562310811956", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811956", "type": "openvas", "title": "Apple Safari Security Updates( HT208223 )", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Safari Security Updates( HT208223 )\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:safari\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811956\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2017-13790\", \"CVE-2017-13789\", \"CVE-2017-13784\", \"CVE-2017-13785\",\n\t\t\"CVE-2017-13783\", \"CVE-2017-13788\", \"CVE-2017-13795\", \"CVE-2017-13802\",\n\t\t\"CVE-2017-13792\", \"CVE-2017-13791\", \"CVE-2017-13798\", \"CVE-2017-13796\",\n\t\t\"CVE-2017-13793\", \"CVE-2017-13794\", \"CVE-2017-13803\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-11-02 17:19:54 +0530 (Thu, 02 Nov 2017)\");\n script_name(\"Apple Safari Security Updates( HT208223 )\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple Safari\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - An inconsistent user interface issue.\n\n - Multiple memory corruption issue.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these\n vulnerabilities will allow remote attackers to perform address bar spoofing, and\n arbitrary code execution.\");\n\n script_tag(name:\"affected\", value:\"Apple Safari versions before 11.0.1\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Safari 11.0.1 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT208223\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"macosx_safari_detect.nasl\");\n script_mandatory_keys(\"AppleSafari/MacOSX/Version\", \"ssh/login/osx_name\", \"ssh/login/osx_version\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif((!osName && \"Mac OS X\" >!< osName) || !osVer){\n exit (0);\n}\n\nif(version_is_less(version:osVer, test_version:\"10.11.6\"))\n{\n fix = \"Upgrade Apple Mac OS X to version 10.11.6 and Update Apple Safari to version 11.0.1\" ;\n installedVer = \"Apple Mac OS X \" + osVer ;\n}\nelse if(version_in_range(version:osVer, test_version:\"10.12\", test_version2:\"10.12.5\"))\n{\n fix = \"Upgrade Apple Mac OS X to version 10.12.6 and Update Apple Safari to version 11.0.1\";\n installedVer = \"Apple Mac OS X \" + osVer ;\n}\nelse\n{\n if(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE)) exit(0);\n safVer = infos['version'];\n path = infos['location'];\n\n if(version_is_less(version:safVer, test_version:\"11.0.1\"))\n {\n fix = \"11.0.1\";\n installedVer = \"Apple Safari \" + safVer ;\n }\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:installedVer, fixed_version:fix, install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "kaspersky": [{"lastseen": "2020-09-02T11:43:40", "bulletinFamily": "info", "cvelist": ["CVE-2017-13792", "CVE-2017-13796", "CVE-2017-13802", "CVE-2017-13788", "CVE-2017-13794", "CVE-2017-13791", "CVE-2017-13803", "CVE-2017-13793", "CVE-2017-13784", "CVE-2017-13783", "CVE-2017-13798", "CVE-2017-13795", "CVE-2017-13785"], "description": "### *Detect date*:\n10/31/2017\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple memory corruption vulnerabilities were found in Apple iTunes. By exploiting this vulnerability malicious users can execute arbitrary code and cause denial of service. This vulnerability can be exploited remotely via a specially crafted webpage.\n\n### *Affected products*:\nApple iTunes earlier than 12.7.1\n\n### *Solution*:\nUpdate to latest version \n[Download iTunes](<https://www.apple.com/itunes/download/>)\n\n### *Original advisories*:\n[About the security content of iTunes 12.7.1 for Windows](<https://support.apple.com/en-us/HT208224>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Apple iTunes](<https://threats.kaspersky.com/en/product/Apple-iTunes/>)\n\n### *CVE-IDS*:\n[CVE-2017-13784](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13784>)6.8High \n[CVE-2017-13785](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13785>)6.8High \n[CVE-2017-13791](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13791>)6.8High \n[CVE-2017-13792](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13792>)6.8High \n[CVE-2017-13794](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13794>)6.8High \n[CVE-2017-13795](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13795>)6.8High \n[CVE-2017-13796](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13796>)6.8High \n[CVE-2017-13798](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13798>)6.8High \n[CVE-2017-13802](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13802>)6.8High \n[CVE-2017-13783](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13783>)6.8High \n[CVE-2017-13788](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13788>)6.8High \n[CVE-2017-13793](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13793>)6.8High \n[CVE-2017-13803](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13803>)6.8High\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:", "edition": 35, "modified": "2020-06-18T00:00:00", "published": "2017-10-31T00:00:00", "id": "KLA11276", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11276", "title": "\r KLA11276Multiple vulnerabilities in Apple iTunes ", "type": "kaspersky", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-04-01T07:29:45", "description": "A large number of security issues were discovered in the WebKitGTK+\nWeb and JavaScript engines. If a user were tricked into viewing a\nmalicious website, a remote attacker could exploit a variety of issues\nrelated to web browser security, including cross-site scripting\nattacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 30, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-11-17T00:00:00", "title": "Ubuntu 16.04 LTS / 17.04 / 17.10 : webkit2gtk vulnerabilities (USN-3481-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13792", "CVE-2017-13796", "CVE-2017-13802", "CVE-2017-13788", "CVE-2017-13794", "CVE-2017-13791", "CVE-2017-13803", "CVE-2017-13793", "CVE-2017-13784", "CVE-2017-13783", "CVE-2017-13798", "CVE-2017-13795", "CVE-2017-13785"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:17.10", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18", "cpe:/o:canonical:ubuntu_linux:17.04", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3481-1.NASL", "href": "https://www.tenable.com/plugins/nessus/104653", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3481-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104653);\n script_version(\"3.7\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-13783\", \"CVE-2017-13784\", \"CVE-2017-13785\", \"CVE-2017-13788\", \"CVE-2017-13791\", \"CVE-2017-13792\", \"CVE-2017-13793\", \"CVE-2017-13794\", \"CVE-2017-13795\", \"CVE-2017-13796\", \"CVE-2017-13798\", \"CVE-2017-13802\", \"CVE-2017-13803\");\n script_xref(name:\"USN\", value:\"3481-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 17.04 / 17.10 : webkit2gtk vulnerabilities (USN-3481-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A large number of security issues were discovered in the WebKitGTK+\nWeb and JavaScript engines. If a user were tricked into viewing a\nmalicious website, a remote attacker could exploit a variety of issues\nrelated to web browser security, including cross-site scripting\nattacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3481-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libjavascriptcoregtk-4.0-18 and / or\nlibwebkit2gtk-4.0-37 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|17\\.04|17\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 17.04 / 17.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libjavascriptcoregtk-4.0-18\", pkgver:\"2.18.3-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libwebkit2gtk-4.0-37\", pkgver:\"2.18.3-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"libjavascriptcoregtk-4.0-18\", pkgver:\"2.18.3-0ubuntu0.17.04.1\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"libwebkit2gtk-4.0-37\", pkgver:\"2.18.3-0ubuntu0.17.04.1\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"libjavascriptcoregtk-4.0-18\", pkgver:\"2.18.3-0ubuntu0.17.10.1\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"libwebkit2gtk-4.0-37\", pkgver:\"2.18.3-0ubuntu0.17.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-4.0-18 / libwebkit2gtk-4.0-37\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T11:06:59", "description": "The remote host is affected by the vulnerability described in GLSA-201712-01\n(WebKitGTK+: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in WebKitGTK+. Please\n review the referenced CVE identifiers for details.\n \nImpact :\n\n By enticing a victim to visit maliciously crafted web content, a remote\n attacker could execute arbitrary code or cause a denial of service\n condition.\n \nWorkaround :\n\n There are no known workarounds at this time.", "edition": 23, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-12-15T00:00:00", "title": "GLSA-201712-01 : WebKitGTK+: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13792", "CVE-2017-13796", "CVE-2017-13802", "CVE-2017-13788", "CVE-2017-13794", "CVE-2017-13791", "CVE-2017-13803", "CVE-2017-13793", "CVE-2017-13784", "CVE-2017-13783", "CVE-2017-13798", "CVE-2017-13795", "CVE-2017-13785"], "modified": "2017-12-15T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:webkit-gtk"], "id": "GENTOO_GLSA-201712-01.NASL", "href": "https://www.tenable.com/plugins/nessus/105261", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201712-01.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105261);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-13783\", \"CVE-2017-13784\", \"CVE-2017-13785\", \"CVE-2017-13788\", \"CVE-2017-13791\", \"CVE-2017-13792\", \"CVE-2017-13793\", \"CVE-2017-13794\", \"CVE-2017-13795\", \"CVE-2017-13796\", \"CVE-2017-13798\", \"CVE-2017-13802\", \"CVE-2017-13803\");\n script_xref(name:\"GLSA\", value:\"201712-01\");\n\n script_name(english:\"GLSA-201712-01 : WebKitGTK+: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201712-01\n(WebKitGTK+: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in WebKitGTK+. Please\n review the referenced CVE identifiers for details.\n \nImpact :\n\n By enticing a victim to visit maliciously crafted web content, a remote\n attacker could execute arbitrary code or cause a denial of service\n condition.\n \nWorkaround :\n\n There are no known workarounds at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201712-01\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All WebKitGTK+ users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-libs/webkit-gtk-2.18.3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:webkit-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-libs/webkit-gtk\", unaffected:make_list(\"ge 2.18.3\"), vulnerable:make_list(\"lt 2.18.3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"WebKitGTK+\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-04-01T03:33:13", "description": "The version of Apple iTunes installed on the remote Windows host is\nprior to 12.7.1. It is, therefore, affected by multiple vulnerabilities\nin webkit as referenced in the HT208224 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.", "edition": 31, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-11-02T00:00:00", "title": "Apple iTunes < 12.7.1 WebKit Multiple Vulnerabilities (uncredentialed check)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13797", "CVE-2017-13792", "CVE-2017-13796", "CVE-2017-13802", "CVE-2017-13788", "CVE-2017-13794", "CVE-2017-13791", "CVE-2017-13803", "CVE-2017-13793", "CVE-2017-13784", "CVE-2017-13783", "CVE-2017-13798", "CVE-2017-13795", "CVE-2017-13785"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_12_7_1_BANNER.NASL", "href": "https://www.tenable.com/plugins/nessus/104360", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104360);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\n \"CVE-2017-13783\",\n \"CVE-2017-13784\",\n \"CVE-2017-13785\",\n \"CVE-2017-13788\",\n \"CVE-2017-13791\",\n \"CVE-2017-13792\",\n \"CVE-2017-13793\",\n \"CVE-2017-13794\",\n \"CVE-2017-13795\",\n \"CVE-2017-13796\",\n \"CVE-2017-13797\",\n \"CVE-2017-13798\",\n \"CVE-2017-13802\",\n \"CVE-2017-13803\"\n );\n\n script_name(english:\"Apple iTunes < 12.7.1 WebKit Multiple Vulnerabilities (uncredentialed check)\");\n script_summary(english:\"Checks the version of iTunes on Windows.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes installed on the remote Windows host is\nprior to 12.7.1. It is, therefore, affected by multiple vulnerabilities\nin webkit as referenced in the HT208224 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT208224\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple iTunes version 12.7.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-13803\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Peer-To-Peer File Sharing\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"itunes_sharing.nasl\");\n script_require_keys(\"iTunes/sharing\");\n script_require_ports(\"Services/www\", 3689);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:3689, embedded:TRUE, ignore_broken:TRUE);\n\nget_kb_item_or_exit(\"iTunes/\" + port + \"/enabled\");\n\ntype = get_kb_item_or_exit(\"iTunes/\" + port + \"/type\");\nsource = get_kb_item_or_exit(\"iTunes/\" + port + \"/source\");\nversion = get_kb_item_or_exit(\"iTunes/\" + port + \"/version\");\n\nif (type != 'Windows') audit(AUDIT_OS_NOT, \"Windows\");\n\nfixed_version = \"12.7.1\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) < 0)\n{\n report = '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_WARNING);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"iTunes\", port, version);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-04-01T03:33:12", "description": "The version of Apple iTunes installed on the remote Windows host is\nprior to 12.7.1. It is, therefore, affected by multiple vulnerabilities \nin webkit as referenced in the HT208224 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.", "edition": 31, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-11-02T00:00:00", "title": "Apple iTunes < 12.7.1 WebKit Multiple Vulnerabilities (credentialed check)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13797", "CVE-2017-13792", "CVE-2017-13796", "CVE-2017-13802", "CVE-2017-13788", "CVE-2017-13794", "CVE-2017-13791", "CVE-2017-13803", "CVE-2017-13793", "CVE-2017-13784", "CVE-2017-13783", "CVE-2017-13798", "CVE-2017-13795", "CVE-2017-13785"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_12_7_1.NASL", "href": "https://www.tenable.com/plugins/nessus/104359", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104359);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\n \"CVE-2017-13783\",\n \"CVE-2017-13784\",\n \"CVE-2017-13785\",\n \"CVE-2017-13788\",\n \"CVE-2017-13791\",\n \"CVE-2017-13792\",\n \"CVE-2017-13793\",\n \"CVE-2017-13794\",\n \"CVE-2017-13795\",\n \"CVE-2017-13796\",\n \"CVE-2017-13797\",\n \"CVE-2017-13798\",\n \"CVE-2017-13802\",\n \"CVE-2017-13803\"\n );\n\n script_name(english:\"Apple iTunes < 12.7.1 WebKit Multiple Vulnerabilities (credentialed check)\");\n script_summary(english:\"Checks the version of iTunes on Windows.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes installed on the remote Windows host is\nprior to 12.7.1. It is, therefore, affected by multiple vulnerabilities \nin webkit as referenced in the HT208224 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT208224\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple iTunes version 12.7.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-13803\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"itunes_detect.nasl\");\n script_require_keys(\"installed_sw/iTunes Version\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\n\n# Ensure this is Windows\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_info = vcf::get_app_info(app:\"iTunes Version\", win_local:TRUE);\n\nconstraints = [{\"fixed_version\" : \"12.7.1\"}];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-04-01T03:39:47", "description": "The version of Apple Safari installed on the remote macOS or Mac OS X\nhost is prior to 11.0.1. It is, therefore, affected by multiple\nvulnerabilities as described in the HT208223 security advisory.", "edition": 30, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-11-02T00:00:00", "title": "macOS : Apple Safari < 11.0.1 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13797", "CVE-2017-13792", "CVE-2017-13796", "CVE-2017-13802", "CVE-2017-13790", "CVE-2017-13788", "CVE-2017-13794", "CVE-2017-13791", "CVE-2017-13803", "CVE-2017-13789", "CVE-2017-13793", "CVE-2017-13784", "CVE-2017-13783", "CVE-2017-13798", "CVE-2017-13795", "CVE-2017-13785"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/a:apple:safari"], "id": "MACOSX_SAFARI11_1.NASL", "href": "https://www.tenable.com/plugins/nessus/104355", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104355);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\n \"CVE-2017-13783\",\n \"CVE-2017-13784\",\n \"CVE-2017-13785\",\n \"CVE-2017-13788\",\n \"CVE-2017-13789\",\n \"CVE-2017-13790\",\n \"CVE-2017-13791\",\n \"CVE-2017-13792\",\n \"CVE-2017-13793\",\n \"CVE-2017-13794\",\n \"CVE-2017-13795\",\n \"CVE-2017-13796\",\n \"CVE-2017-13797\",\n \"CVE-2017-13798\",\n \"CVE-2017-13802\",\n \"CVE-2017-13803\"\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2017-10-31-5\");\n\n script_name(english:\"macOS : Apple Safari < 11.0.1 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the Safari version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS or Mac OS X host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple Safari installed on the remote macOS or Mac OS X\nhost is prior to 11.0.1. It is, therefore, affected by multiple\nvulnerabilities as described in the HT208223 security advisory.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT208223\");\n # https://lists.apple.com/archives/security-announce/2017/Oct/msg00004.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2a589f74\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple Safari version 11.0.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-13803\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:safari\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_Safari31.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"MacOSX/Safari/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X or macOS\");\n\nif (!preg(pattern:\"Mac OS X 10\\.(11|12|13)([^0-9]|$)\", string:os))\n{\n audit(AUDIT_OS_NOT, \"Mac OS X El Capitan 10.11 / macOS Sierra 10.12 / macOS High Sierra 10.13\");\n} \n\ninstalled = get_kb_item_or_exit(\"MacOSX/Safari/Installed\", exit_code:0);\npath = get_kb_item_or_exit(\"MacOSX/Safari/Path\", exit_code:1);\nversion = get_kb_item_or_exit(\"MacOSX/Safari/Version\", exit_code:1);\n\nfixed_version = \"11.0.1\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n report = report_items_str(\n report_items:make_array(\n \"Path\", path,\n \"Installed version\", version,\n \"Fixed version\", fixed_version\n ),\n ordered_fields:make_list(\"Path\", \"Installed version\", \"Fixed version\")\n );\n security_report_v4(port:0, severity:SECURITY_WARNING, extra:report);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Safari\", version, path);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-04-01T01:25:48", "description": "According to its banner, the version of Apple TV on the remote device\nis prior to 11.1. It is, therefore, affected by multiple\nvulnerabilities as described in the HT208219 security advisory.\n\nNote that only 4th and 5th generation models are affected by these\nvulnerabilities.", "edition": 34, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-11-03T00:00:00", "title": "Apple TV < 11.1 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13797", "CVE-2017-13849", "CVE-2017-13792", "CVE-2017-13799", "CVE-2017-13080", "CVE-2017-13796", "CVE-2017-13802", "CVE-2017-13788", "CVE-2017-13794", "CVE-2017-13791", "CVE-2017-13803", "CVE-2017-13804", "CVE-2017-13793", "CVE-2017-13784", "CVE-2017-13783", "CVE-2017-13798", "CVE-2017-13795", "CVE-2017-13785"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/a:apple:apple_tv"], "id": "APPLETV_11_1.NASL", "href": "https://www.tenable.com/plugins/nessus/104387", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104387);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/02/26 4:50:08\");\n\n script_cve_id(\n \"CVE-2017-13080\",\n \"CVE-2017-13783\",\n \"CVE-2017-13784\",\n \"CVE-2017-13785\",\n \"CVE-2017-13788\",\n \"CVE-2017-13791\",\n \"CVE-2017-13792\",\n \"CVE-2017-13793\",\n \"CVE-2017-13794\",\n \"CVE-2017-13795\",\n \"CVE-2017-13796\",\n \"CVE-2017-13797\",\n \"CVE-2017-13798\",\n \"CVE-2017-13799\",\n \"CVE-2017-13802\",\n \"CVE-2017-13803\",\n \"CVE-2017-13804\",\n \"CVE-2017-13849\"\n );\n script_bugtraq_id(101274);\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2017-10-31-3\");\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"Apple TV < 11.1 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apple TV device is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of Apple TV on the remote device\nis prior to 11.1. It is, therefore, affected by multiple\nvulnerabilities as described in the HT208219 security advisory.\n\nNote that only 4th and 5th generation models are affected by these\nvulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT208219\");\n # https://seclists.org/fulldisclosure/2017/Nov/2\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?67d01324\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple TV version 11.1 or later. Note that this update is\nonly available for 4th and 5th generation models.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-13799\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:apple_tv\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"appletv_version.nasl\");\n script_require_keys(\"AppleTV/Version\", \"AppleTV/Model\", \"AppleTV/URL\", \"AppleTV/Port\");\n script_require_ports(\"Services/www\", 7000);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"appletv_func.inc\");\n\nurl = get_kb_item('AppleTV/URL');\nif (empty_or_null(url)) exit(0, 'Cannot determine Apple TV URL.');\nport = get_kb_item('AppleTV/Port');\nif (empty_or_null(port)) exit(0, 'Cannot determine Apple TV port.');\n\nbuild = get_kb_item('AppleTV/Version');\nif (empty_or_null(build)) audit(AUDIT_UNKNOWN_DEVICE_VER, 'Apple TV');\n\nmodel = get_kb_item('AppleTV/Model');\nif (empty_or_null(model)) exit(0, 'Cannot determine Apple TV model.');\n\n# https://en.wikipedia.org/wiki/TvOS\n# 4th gen model \"5,3\" and 5th gen model \"6,2\" share same build\nfixed_build = \"15J582\";\ntvos_ver = '11';\n\n# determine gen from the model\ngen = APPLETV_MODEL_GEN[model];\n\nappletv_check_version(\n build : build,\n fix : fixed_build,\n affected_gen : make_list(4, 5),\n fix_tvos_ver : tvos_ver,\n model : model,\n gen : gen,\n port : port,\n url : url,\n severity : SECURITY_WARNING\n);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "apple": [{"lastseen": "2020-12-24T20:43:21", "bulletinFamily": "software", "cvelist": ["CVE-2017-13797", "CVE-2017-13792", "CVE-2017-13796", "CVE-2017-13802", "CVE-2017-13788", "CVE-2017-13794", "CVE-2017-13791", "CVE-2017-13803", "CVE-2017-13793", "CVE-2017-13784", "CVE-2017-13783", "CVE-2017-13798", "CVE-2017-13795", "CVE-2017-13785"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iTunes 12.7.1 for Windows\n\nReleased October 31, 2017\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13783: Ivan Fratric of Google Project Zero\n\nCVE-2017-13784: Ivan Fratric of Google Project Zero\n\nCVE-2017-13785: Ivan Fratric of Google Project Zero\n\nCVE-2017-13788: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\nCVE-2017-13791: Ivan Fratric of Google Project Zero\n\nCVE-2017-13792: Ivan Fratric of Google Project Zero\n\nCVE-2017-13793: Hanul Choi working with Trend Micro's Zero Day Initiative\n\nCVE-2017-13794: Ivan Fratric of Google Project Zero\n\nCVE-2017-13795: Ivan Fratric of Google Project Zero\n\nCVE-2017-13796: Ivan Fratric of Google Project Zero\n\nCVE-2017-13797: Ivan Fratric of Google Project Zero\n\nCVE-2017-13798: Ivan Fratric of Google Project Zero\n\nCVE-2017-13802: Ivan Fratric of Google Project Zero\n\nCVE-2017-13803: chenqin (\u9648\u94a6) of Ant-financial Light-Year Security\n\nEntry updated November 2, 2017\n", "edition": 2, "modified": "2017-11-02T11:20:48", "published": "2017-11-02T11:20:48", "id": "APPLE:HT208224", "href": "https://support.apple.com/kb/HT208224", "title": "About the security content of iTunes 12.7.1 for Windows - Apple Support", "type": "apple", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T20:43:57", "bulletinFamily": "software", "cvelist": ["CVE-2017-13797", "CVE-2017-13792", "CVE-2017-13796", "CVE-2017-13802", "CVE-2017-13788", "CVE-2017-13794", "CVE-2017-13791", "CVE-2017-13803", "CVE-2017-13793", "CVE-2017-13784", "CVE-2017-13783", "CVE-2017-13798", "CVE-2017-13795", "CVE-2017-13785"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iCloud for Windows 7.1\n\nReleased October 31, 2017\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13783: Ivan Fratric of Google Project Zero\n\nCVE-2017-13784: Ivan Fratric of Google Project Zero\n\nCVE-2017-13785: Ivan Fratric of Google Project Zero\n\nCVE-2017-13788: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\nCVE-2017-13791: Ivan Fratric of Google Project Zero\n\nCVE-2017-13792: Ivan Fratric of Google Project Zero\n\nCVE-2017-13793: Hanul Choi working with Trend Micro's Zero Day Initiative\n\nCVE-2017-13794: Ivan Fratric of Google Project Zero\n\nCVE-2017-13795: Ivan Fratric of Google Project Zero\n\nCVE-2017-13796: Ivan Fratric of Google Project Zero\n\nCVE-2017-13797: Ivan Fratric of Google Project Zero\n\nCVE-2017-13798: Ivan Fratric of Google Project Zero\n\nCVE-2017-13802: Ivan Fratric of Google Project Zero\n\nCVE-2017-13803: chenqin (\u9648\u94a6) of Ant-financial Light-Year Security\n\nEntry updated November 2, 2017\n", "edition": 2, "modified": "2017-11-02T11:20:27", "published": "2017-11-02T11:20:27", "id": "APPLE:HT208225", "href": "https://support.apple.com/kb/HT208225", "title": "About the security content of iCloud for Windows 7.1 - Apple Support", "type": "apple", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T20:43:56", "bulletinFamily": "software", "cvelist": ["CVE-2017-13797", "CVE-2017-13792", "CVE-2017-13796", "CVE-2017-13802", "CVE-2017-13790", "CVE-2017-13788", "CVE-2017-13794", "CVE-2017-13791", "CVE-2017-13803", "CVE-2017-13789", "CVE-2017-13793", "CVE-2017-13784", "CVE-2017-13783", "CVE-2017-13798", "CVE-2017-13795", "CVE-2017-13785"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## Safari 11.0.1\n\nReleased October 31, 2017\n\n**Safari**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2017-13790: Zhiyang Zeng (@Wester) of Tencent Security Platform Department\n\nCVE-2017-13789: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\n**WebKit**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13783: Ivan Fratric of Google Project Zero\n\nCVE-2017-13784: Ivan Fratric of Google Project Zero\n\nCVE-2017-13785: Ivan Fratric of Google Project Zero\n\nCVE-2017-13788: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\nCVE-2017-13791: Ivan Fratric of Google Project Zero\n\nCVE-2017-13792: Ivan Fratric of Google Project Zero\n\nCVE-2017-13793: Hanul Choi working with Trend Micro's Zero Day Initiative\n\nCVE-2017-13794: Ivan Fratric of Google Project Zero\n\nCVE-2017-13795: Ivan Fratric of Google Project Zero\n\nCVE-2017-13796: Ivan Fratric of Google Project Zero\n\nCVE-2017-13797: Ivan Fratric of Google Project Zero\n\nCVE-2017-13798: Ivan Fratric of Google Project Zero\n\nCVE-2017-13802: Ivan Fratric of Google Project Zero\n\nCVE-2017-13803: chenqin (\u9648\u94a6) of Ant-financial Light-Year Security\n\nEntry updated November 2, 2017\n", "edition": 2, "modified": "2017-11-03T10:33:33", "published": "2017-11-03T10:33:33", "id": "APPLE:HT208223", "href": "https://support.apple.com/kb/HT208223", "title": "About the security content of Safari 11.0.1 - Apple Support", "type": "apple", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T20:44:42", "bulletinFamily": "software", "cvelist": ["CVE-2017-13797", "CVE-2017-13849", "CVE-2017-13792", "CVE-2017-13799", "CVE-2017-13080", "CVE-2017-13796", "CVE-2017-13852", "CVE-2017-13802", "CVE-2017-13078", "CVE-2017-13788", "CVE-2017-13794", "CVE-2017-13791", "CVE-2017-13803", "CVE-2017-13804", "CVE-2017-13793", "CVE-2017-13784", "CVE-2017-13783", "CVE-2017-13077", "CVE-2017-13798", "CVE-2017-13795", "CVE-2017-13785"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## tvOS 11.1\n\nReleased October 31, 2017\n\n**CoreText**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted text file may lead to an unexpected application termination\n\nDescription: A denial of service issue was addressed through improved memory handling.\n\nCVE-2017-13849: Ro of SavSec\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13799: Lufeng Li of Qihoo 360 Vulcan Team\n\nEntry updated November 10, 2017\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious application may be able to learn information about the presence and operation of other applications on the device.\n\nDescription: An application was able to access process information maintained by the operating system unrestricted. This issue was addressed through rate limiting.\n\nCVE-2017-13852: Xiaokuan Zhang and Yinqian Zhang of The Ohio State University, Xueqiang Wang and XiaoFeng Wang of Indiana University Bloomington, and Xiaolong Bai of Tsinghua University\n\nEntry added November 10, 2017\n\n**StreamingZip**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: A malicious zip file may be able modify restricted areas of the file system\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2017-13804: @qwertyoruiopz at KJC Research Intl. S.R.L.\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13783: Ivan Fratric of Google Project Zero\n\nCVE-2017-13784: Ivan Fratric of Google Project Zero\n\nCVE-2017-13785: Ivan Fratric of Google Project Zero\n\nCVE-2017-13788: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\nCVE-2017-13791: Ivan Fratric of Google Project Zero\n\nCVE-2017-13792: Ivan Fratric of Google Project Zero\n\nCVE-2017-13793: Hanul Choi working with Trend Micro's Zero Day Initiative\n\nCVE-2017-13794: Ivan Fratric of Google Project Zero\n\nCVE-2017-13795: Ivan Fratric of Google Project Zero\n\nCVE-2017-13796: Ivan Fratric of Google Project Zero\n\nCVE-2017-13797: Ivan Fratric of Google Project Zero\n\nCVE-2017-13798: Ivan Fratric of Google Project Zero\n\nCVE-2017-13802: Ivan Fratric of Google Project Zero\n\nCVE-2017-13803: chenqin (\u9648\u94a6) of Ant-financial Light-Year Security\n\nEntry updated November 2, 2017\n\n**Wi-Fi**\n\nAvailable for: Apple TV 4K\n\nNot impacted: Apple TV (4th generation)\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. This was addressed with improved state management.\n\nCVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nCVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nEntry updated November 3, 2017\n\n**Wi-Fi**\n\nAvailable for: Apple TV 4K\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. This was addressed with improved state management.\n\nCVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nEntry updated November 3, 2017\n", "edition": 2, "modified": "2017-11-11T12:32:32", "published": "2017-11-11T12:32:32", "id": "APPLE:HT208219", "href": "https://support.apple.com/kb/HT208219", "title": "About the security content of tvOS 11.1 - Apple Support", "type": "apple", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:43:15", "bulletinFamily": "software", "cvelist": ["CVE-2017-13797", "CVE-2017-13844", "CVE-2017-13849", "CVE-2017-13792", "CVE-2017-13799", "CVE-2017-13080", "CVE-2017-13796", "CVE-2017-13852", "CVE-2017-13805", "CVE-2017-7113", "CVE-2017-13802", "CVE-2017-13078", "CVE-2017-13788", "CVE-2017-13794", "CVE-2017-13791", "CVE-2017-13803", "CVE-2017-13804", "CVE-2017-13793", "CVE-2017-13784", "CVE-2017-13783", "CVE-2017-13077", "CVE-2017-13798", "CVE-2017-13795", "CVE-2017-13785"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iOS 11.1\n\nReleased October 31, 2017\n\n**CoreText**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted text file may lead to an unexpected application termination\n\nDescription: A denial of service issue was addressed through improved memory handling.\n\nCVE-2017-13849: Ro of SavSec\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13799: Lufeng Li of Qihoo 360 Vulcan Team\n\nEntry updated November 10, 2017\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to learn information about the presence and operation of other applications on the device.\n\nDescription: An application was able to access process information maintained by the operating system unrestricted. This issue was addressed through rate limiting.\n\nCVE-2017-13852: Xiaokuan Zhang and Yinqian Zhang of The Ohio State University, Xueqiang Wang and XiaoFeng Wang of Indiana University Bloomington, and Xiaolong Bai of Tsinghua University\n\nEntry added November 10, 2017\n\n**Messages**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A person with physical access to an iOS device may be able to access photos from the lock screen\n\nDescription: A lock screen issue allowed access to photos via Reply With Message on a locked device. This issue was addressed with improved state management.\n\nCVE-2017-13844: Miguel Alvarado of iDeviceHelp INC\n\n**Siri**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A person with physical access to an iOS device may be able to use Siri to read notifications of content that is set not to be displayed at the lock screen\n\nDescription: An issue existed with Siri permissions. This was addressed with improved permission checking.\n\nCVE-2017-13805: Yi\u011fit Can YILMAZ (@yilmazcanyigit), Ayden Panhuyzen (madebyayden.co)\n\nEntry updated June 14, 2018\n\n**StreamingZip**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious zip file may be able modify restricted areas of the file system\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2017-13804: @qwertyoruiopz at KJC Research Intl. S.R.L.\n\n**UIKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Characters in a secure text field might be revealed\n\nDescription: The characters in a secure text field were revealed during focus change events. This issue was addressed through improved state management.\n\nCVE-2017-7113: an anonymous researcher, Duraiamuthan Harikrishnan of Tech Mahindra, Ricardo Sampayo of Bemo Ltd\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-13783: Ivan Fratric of Google Project Zero\n\nCVE-2017-13784: Ivan Fratric of Google Project Zero\n\nCVE-2017-13785: Ivan Fratric of Google Project Zero\n\nCVE-2017-13791: Ivan Fratric of Google Project Zero\n\nCVE-2017-13792: Ivan Fratric of Google Project Zero\n\nCVE-2017-13793: Hanul Choi working with Trend Micro's Zero Day Initiative\n\nCVE-2017-13794: Ivan Fratric of Google Project Zero\n\nCVE-2017-13795: Ivan Fratric of Google Project Zero\n\nCVE-2017-13796: Ivan Fratric of Google Project Zero\n\nCVE-2017-13797: Ivan Fratric of Google Project Zero\n\nCVE-2017-13798: Ivan Fratric of Google Project Zero\n\nCVE-2017-13788: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\nCVE-2017-13802: Ivan Fratric of Google Project Zero\n\nCVE-2017-13803: chenqin (\u9648\u94a6) of Ant-financial Light-Year Security\n\nEntry updated December 21, 2017\n\n**Wi-Fi**\n\nAvailable for: iPhone 8, iPhone 8 Plus, and iPhone X\n\nNot impacted: iPhone 7, iPhone 7 Plus, iPhone 6s, iPhone 6s Plus, iPhone 6, iPhone 6 Plus, iPhone SE, iPhone 5s, iPad Air and later, and iPod Touch 6th generation\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. This was addressed with improved state management.\n\nCVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nCVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nEntry updated November 3, 2017\n\n**Wi-Fi**\n\nAvailable for: iPhone 7 and later, and iPad Pro 9.7-inch (early 2016) and later\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. This was addressed with improved state management.\n\nCVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nEntry updated November 3, 2017\n", "edition": 2, "modified": "2018-06-15T06:47:29", "published": "2018-06-15T06:47:29", "id": "APPLE:HT208222", "href": "https://support.apple.com/kb/HT208222", "title": "About the security content of iOS 11.1 - Apple Support", "type": "apple", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}
