Vulnerability CVE-2017-7061


Published: 2017-07-20   Modified: 2017-09-14

Description:
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
WebKit JSC BytecodeGenerator::emitGetByVal Incorrect Optimization
lokihardt
12.09.2017

Vendor: Apple
Product: Icloud 
Version: 6.2.1;
Product: Itunes 
Version: 12.6.1;
Product: Iphone os 
Version: 10.3.2;
Product: Apple tv 
Version: 10.2.1;
Product: Safari 
Version: 10.1.1;

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://www.securityfocus.com/bid/99885
http://www.securitytracker.com/id/1038950
https://support.apple.com/HT207921
https://support.apple.com/HT207923
https://support.apple.com/HT207924
https://support.apple.com/HT207927
https://support.apple.com/HT207928
https://www.exploit-db.com/exploits/42666/

Related CVE
CVE-2017-13872
An issue was discovered in certain Apple products. macOS High Sierra before Security Update 2017-001 is affected. The issue involves the "Directory Utility" component. It allows attackers to obtain administrator access without a password via certain ...
CVE-2017-7132
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Quick Look" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption) via a crafted O...
CVE-2017-7113
An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the "UIKit" component. It allows attackers to bypass intended read restrictions for secure text fields via vectors involving a focus-change event.
CVE-2017-13844
An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the "Messages" component. It allows physically proximate attackers to view arbitrary photos via a Reply With Message action in the lock-screen state.
CVE-2017-13849
An issue was discovered in certain Apple products. iOS before 11.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (applic...
CVE-2017-13852
An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "Kernel" component. It allows attackers to monitor ...
CVE-2017-13846
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the third-party "PCRE" product. Versions before 8.40 allow remote attackers to cause a denial of service (application crash) or possibly have unsp...
CVE-2017-13842
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

Copyright 2017, cxsecurity.com

 

Back to Top