Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-2486 (GCVE-0-2017-2486)
Vulnerability from cvelistv5 – Published: 2017-04-02 01:36 – Updated: 2024-08-05 13:55
VLAI?
EPSS
Summary
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:55:05.981Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "97147",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97147"
},
{
"name": "1038138",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038138"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT207600"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT207617"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to spoof the address bar via a crafted web site."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-11T09:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "97147",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97147"
},
{
"name": "1038138",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038138"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT207600"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT207617"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-2486",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to spoof the address bar via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97147",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97147"
},
{
"name": "1038138",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038138"
},
{
"name": "https://support.apple.com/HT207600",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207600"
},
{
"name": "https://support.apple.com/HT207617",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207617"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2017-2486",
"datePublished": "2017-04-02T01:36:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:55:05.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"10.0.3\", \"matchCriteriaId\": \"825911CC-F341-4198-B830-E7CF701BB88D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"10.2.1\", \"matchCriteriaId\": \"A705829E-76A8-4AA8-8D82-037E4E8A52FC\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the \\\"WebKit\\\" component. It allows remote attackers to spoof the address bar via a crafted web site.\"}, {\"lang\": \"es\", \"value\": \"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 est\\u00e1 afectado. Safari en versiones anteriores a 10.1 est\\u00e1 afectado. El problema involucra al componente \\\"WebKit\\\". Esto permite a atacantes remotos suplantar la barra de direcciones a trav\\u00e9s de un sitio web manipulado.\"}]",
"id": "CVE-2017-2486",
"lastModified": "2024-11-21T03:23:37.440",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2017-04-02T01:59:03.967",
"references": "[{\"url\": \"http://www.securityfocus.com/bid/97147\", \"source\": \"product-security@apple.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1038138\", \"source\": \"product-security@apple.com\"}, {\"url\": \"https://support.apple.com/HT207600\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT207617\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/97147\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1038138\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.apple.com/HT207600\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT207617\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-425\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2017-2486\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2017-04-02T01:59:03.967\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the \\\"WebKit\\\" component. It allows remote attackers to spoof the address bar via a crafted web site.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 est\u00e1 afectado. Safari en versiones anteriores a 10.1 est\u00e1 afectado. El problema involucra al componente \\\"WebKit\\\". Esto permite a atacantes remotos suplantar la barra de direcciones a trav\u00e9s de un sitio web manipulado.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-425\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.0.3\",\"matchCriteriaId\":\"825911CC-F341-4198-B830-E7CF701BB88D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.2.1\",\"matchCriteriaId\":\"A705829E-76A8-4AA8-8D82-037E4E8A52FC\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/97147\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038138\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/HT207600\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT207617\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/97147\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038138\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/HT207600\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT207617\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
CERTFR-2017-AVI-092
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | N/A | watchOS versions antérieures à 3.2 | ||
| Apple | N/A | iOS versions antérieures à 10.3 | ||
| Apple | N/A | Pages versions antérieures à 3.1, Numbers versions antérieures à 3.1 et Keynote versions antérieures à 3.1 pour iOS | ||
| Apple | macOS | macOS Yosemite sans le Security Update 2017-001 | ||
| Apple | macOS | macOS Server versions antérieures à 5.3 | ||
| Apple | macOS | macOS Sierra versions antérieures à 10.12.4 | ||
| Apple | macOS | macOS El Capitan sans le Security Update 2017-001 | ||
| Apple | N/A | tvOS versions antérieures à 10.2 | ||
| Apple | N/A | iCloud pour Windows versions antérieures à 6.2 | ||
| Apple | Safari | Safari versions antérieures à 10.1 | ||
| Apple | N/A | Pages versions antérieures à 6.1, Numbers versions antérieures à 4.1 et Keynote versions antérieures à 7.1 pour Mac |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "watchOS versions ant\u00e9rieures \u00e0 3.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 10.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Pages versions ant\u00e9rieures \u00e0 3.1, Numbers versions ant\u00e9rieures \u00e0 3.1 et Keynote versions ant\u00e9rieures \u00e0 3.1 pour iOS",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Yosemite sans le Security Update 2017-001",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Server versions ant\u00e9rieures \u00e0 5.3",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sierra versions ant\u00e9rieures \u00e0 10.12.4",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS El Capitan sans le Security Update 2017-001",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 10.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iCloud pour Windows versions ant\u00e9rieures \u00e0 6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 10.1",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Pages versions ant\u00e9rieures \u00e0 6.1, Numbers versions ant\u00e9rieures \u00e0 4.1 et Keynote versions ant\u00e9rieures \u00e0 7.1 pour Mac",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-2455",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2455"
},
{
"name": "CVE-2016-7922",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7922"
},
{
"name": "CVE-2016-7936",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7936"
},
{
"name": "CVE-2017-2464",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2464"
},
{
"name": "CVE-2017-2397",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2397"
},
{
"name": "CVE-2017-2414",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2414"
},
{
"name": "CVE-2017-2404",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2404"
},
{
"name": "CVE-2017-2376",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2376"
},
{
"name": "CVE-2017-6974",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6974"
},
{
"name": "CVE-2017-5203",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5203"
},
{
"name": "CVE-2016-7933",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7933"
},
{
"name": "CVE-2016-0736",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0736"
},
{
"name": "CVE-2017-5204",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5204"
},
{
"name": "CVE-2017-2400",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2400"
},
{
"name": "CVE-2017-5484",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5484"
},
{
"name": "CVE-2017-2413",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2413"
},
{
"name": "CVE-2017-2391",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2391"
},
{
"name": "CVE-2017-2420",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2420"
},
{
"name": "CVE-2017-2446",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2446"
},
{
"name": "CVE-2016-7993",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7993"
},
{
"name": "CVE-2016-7932",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7932"
},
{
"name": "CVE-2017-2431",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2431"
},
{
"name": "CVE-2017-2367",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2367"
},
{
"name": "CVE-2016-7973",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7973"
},
{
"name": "CVE-2016-8575",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8575"
},
{
"name": "CVE-2017-2418",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2418"
},
{
"name": "CVE-2017-2412",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2412"
},
{
"name": "CVE-2017-2426",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2426"
},
{
"name": "CVE-2017-2448",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2448"
},
{
"name": "CVE-2017-2462",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2462"
},
{
"name": "CVE-2016-9540",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9540"
},
{
"name": "CVE-2017-2452",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2452"
},
{
"name": "CVE-2017-2437",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2437"
},
{
"name": "CVE-2017-2423",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2423"
},
{
"name": "CVE-2017-2472",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2472"
},
{
"name": "CVE-2016-9643",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9643"
},
{
"name": "CVE-2016-1001",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1001"
},
{
"name": "CVE-2016-8574",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8574"
},
{
"name": "CVE-2017-2453",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2453"
},
{
"name": "CVE-2017-2487",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2487"
},
{
"name": "CVE-2017-5029",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5029"
},
{
"name": "CVE-2017-2396",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2396"
},
{
"name": "CVE-2017-2475",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2475"
},
{
"name": "CVE-2017-2481",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2481"
},
{
"name": "CVE-2017-5483",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5483"
},
{
"name": "CVE-2017-2440",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2440"
},
{
"name": "CVE-2017-2479",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2479"
},
{
"name": "CVE-2017-2468",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2468"
},
{
"name": "CVE-2017-2388",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2388"
},
{
"name": "CVE-2016-1015",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1015"
},
{
"name": "CVE-2017-2458",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2458"
},
{
"name": "CVE-2017-2471",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2471"
},
{
"name": "CVE-2016-7975",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7975"
},
{
"name": "CVE-2016-7986",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7986"
},
{
"name": "CVE-2017-2406",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2406"
},
{
"name": "CVE-2017-5485",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5485"
},
{
"name": "CVE-2017-2441",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2441"
},
{
"name": "CVE-2016-5636",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5636"
},
{
"name": "CVE-2017-2443",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2443"
},
{
"name": "CVE-2016-8740",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8740"
},
{
"name": "CVE-2016-7934",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7934"
},
{
"name": "CVE-2017-2463",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2463"
},
{
"name": "CVE-2017-2392",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2392"
},
{
"name": "CVE-2016-9533",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9533"
},
{
"name": "CVE-2017-2428",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2428"
},
{
"name": "CVE-2016-7928",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7928"
},
{
"name": "CVE-2017-2439",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2439"
},
{
"name": "CVE-2017-2408",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2408"
},
{
"name": "CVE-2017-2390",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2390"
},
{
"name": "CVE-2016-0751",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0751"
},
{
"name": "CVE-2017-2449",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2449"
},
{
"name": "CVE-2016-7927",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7927"
},
{
"name": "CVE-2017-2383",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2383"
},
{
"name": "CVE-2017-2483",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2483"
},
{
"name": "CVE-2007-6750",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6750"
},
{
"name": "CVE-2016-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2161"
},
{
"name": "CVE-2016-9536",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9536"
},
{
"name": "CVE-2017-2486",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2486"
},
{
"name": "CVE-2017-2465",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2465"
},
{
"name": "CVE-2017-2422",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2422"
},
{
"name": "CVE-2016-7974",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7974"
},
{
"name": "CVE-2017-2425",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2425"
},
{
"name": "CVE-2017-5341",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5341"
},
{
"name": "CVE-2017-2399",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2399"
},
{
"name": "CVE-2017-2389",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2389"
},
{
"name": "CVE-2017-2485",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2485"
},
{
"name": "CVE-2016-7935",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7935"
},
{
"name": "CVE-2017-2478",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2478"
},
{
"name": "CVE-2017-2467",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2467"
},
{
"name": "CVE-2016-5387",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5387"
},
{
"name": "CVE-2017-2435",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2435"
},
{
"name": "CVE-2016-9537",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9537"
},
{
"name": "CVE-2017-2407",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2407"
},
{
"name": "CVE-2017-2385",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2385"
},
{
"name": "CVE-2017-2424",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2424"
},
{
"name": "CVE-2017-2436",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2436"
},
{
"name": "CVE-2017-2454",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2454"
},
{
"name": "CVE-2016-7984",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7984"
},
{
"name": "CVE-2016-7585",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7585"
},
{
"name": "CVE-2016-9935",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9935"
},
{
"name": "CVE-2016-7931",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7931"
},
{
"name": "CVE-2017-2378",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2378"
},
{
"name": "CVE-2016-7939",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7939"
},
{
"name": "CVE-2017-2377",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2377"
},
{
"name": "CVE-2017-2402",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2402"
},
{
"name": "CVE-2017-2427",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2427"
},
{
"name": "CVE-2017-2473",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2473"
},
{
"name": "CVE-2017-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2398"
},
{
"name": "CVE-2017-2469",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2469"
},
{
"name": "CVE-2016-3619",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3619"
},
{
"name": "CVE-2017-2459",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2459"
},
{
"name": "CVE-2017-2386",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2386"
},
{
"name": "CVE-2017-2401",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2401"
},
{
"name": "CVE-2016-7923",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7923"
},
{
"name": "CVE-2017-2419",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2419"
},
{
"name": "CVE-2017-2474",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2474"
},
{
"name": "CVE-2016-7985",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7985"
},
{
"name": "CVE-2016-9539",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9539"
},
{
"name": "CVE-2017-2409",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2409"
},
{
"name": "CVE-2016-7992",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7992"
},
{
"name": "CVE-2017-2380",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2380"
},
{
"name": "CVE-2017-2484",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2484"
},
{
"name": "CVE-2017-2466",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2466"
},
{
"name": "CVE-2017-2393",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2393"
},
{
"name": "CVE-2017-2395",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2395"
},
{
"name": "CVE-2017-2445",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2445"
},
{
"name": "CVE-2016-7929",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7929"
},
{
"name": "CVE-2017-2442",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2442"
},
{
"name": "CVE-2017-2416",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2416"
},
{
"name": "CVE-2017-2444",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2444"
},
{
"name": "CVE-2017-2364",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2364"
},
{
"name": "CVE-2017-5342",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5342"
},
{
"name": "CVE-2017-2415",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2415"
},
{
"name": "CVE-2017-2379",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2379"
},
{
"name": "CVE-2017-2457",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2457"
},
{
"name": "CVE-2017-2434",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2434"
},
{
"name": "CVE-2017-2382",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2382"
},
{
"name": "CVE-2017-2381",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2381"
},
{
"name": "CVE-2017-2410",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2410"
},
{
"name": "CVE-2016-9586",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9586"
},
{
"name": "CVE-2017-2421",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2421"
},
{
"name": "CVE-2017-5205",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5205"
},
{
"name": "CVE-2016-7940",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7940"
},
{
"name": "CVE-2017-2438",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2438"
},
{
"name": "CVE-2017-2460",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2460"
},
{
"name": "CVE-2017-5482",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5482"
},
{
"name": "CVE-2016-7926",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7926"
},
{
"name": "CVE-2017-2403",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2403"
},
{
"name": "CVE-2017-2461",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2461"
},
{
"name": "CVE-2017-2384",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2384"
},
{
"name": "CVE-2017-5486",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5486"
},
{
"name": "CVE-2016-7937",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7937"
},
{
"name": "CVE-2016-7983",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7983"
},
{
"name": "CVE-2016-1016",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1016"
},
{
"name": "CVE-2016-9642",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9642"
},
{
"name": "CVE-2016-7925",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7925"
},
{
"name": "CVE-2017-2405",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2405"
},
{
"name": "CVE-2017-2417",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2417"
},
{
"name": "CVE-2017-2447",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2447"
},
{
"name": "CVE-2017-2482",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2482"
},
{
"name": "CVE-2017-2451",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2451"
},
{
"name": "CVE-2017-2430",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2430"
},
{
"name": "CVE-2016-7930",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7930"
},
{
"name": "CVE-2017-2456",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2456"
},
{
"name": "CVE-2016-7056",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7056"
},
{
"name": "CVE-2017-2432",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2432"
},
{
"name": "CVE-2016-8743",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8743"
},
{
"name": "CVE-2017-2470",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2470"
},
{
"name": "CVE-2016-9538",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9538"
},
{
"name": "CVE-2017-2476",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2476"
},
{
"name": "CVE-2016-7938",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7938"
},
{
"name": "CVE-2017-5202",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5202"
},
{
"name": "CVE-2016-1000",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000"
},
{
"name": "CVE-2017-2433",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2433"
},
{
"name": "CVE-2017-2450",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2450"
},
{
"name": "CVE-2017-2480",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2480"
},
{
"name": "CVE-2016-9535",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9535"
},
{
"name": "CVE-2016-7924",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7924"
},
{
"name": "CVE-2017-2429",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2429"
},
{
"name": "CVE-2017-2394",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2394"
}
],
"links": [],
"reference": "CERTFR-2017-AVI-092",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-03-28T00:00:00.000000"
},
{
"description": "ajout des informations li\u00e9es au bulletin de s\u00e9curit\u00e9 HT207607.",
"revision_date": "2017-03-29T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire,\nun d\u00e9ni de service \u00e0 distance et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207604 du 27 mars 2017",
"url": "https://support.apple.com/en-us/HT207604"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207607 du 28 mars 2017",
"url": "https://support.apple.com/en-us/HT207607"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207615 du 27 mars 2017",
"url": "https://support.apple.com/en-us/HT207615"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207602 du 27 mars 2017",
"url": "https://support.apple.com/en-us/HT207602"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207600 du 27 mars 2017",
"url": "https://support.apple.com/en-us/HT207600"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207595 du 27 mars 2017",
"url": "https://support.apple.com/en-us/HT207595"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207601 du 27 mars 2017",
"url": "https://support.apple.com/en-us/HT207601"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207617 du 27 mars 2017",
"url": "https://support.apple.com/en-us/HT207617"
}
]
}
CERTFR-2017-AVI-092
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | N/A | watchOS versions antérieures à 3.2 | ||
| Apple | N/A | iOS versions antérieures à 10.3 | ||
| Apple | N/A | Pages versions antérieures à 3.1, Numbers versions antérieures à 3.1 et Keynote versions antérieures à 3.1 pour iOS | ||
| Apple | macOS | macOS Yosemite sans le Security Update 2017-001 | ||
| Apple | macOS | macOS Server versions antérieures à 5.3 | ||
| Apple | macOS | macOS Sierra versions antérieures à 10.12.4 | ||
| Apple | macOS | macOS El Capitan sans le Security Update 2017-001 | ||
| Apple | N/A | tvOS versions antérieures à 10.2 | ||
| Apple | N/A | iCloud pour Windows versions antérieures à 6.2 | ||
| Apple | Safari | Safari versions antérieures à 10.1 | ||
| Apple | N/A | Pages versions antérieures à 6.1, Numbers versions antérieures à 4.1 et Keynote versions antérieures à 7.1 pour Mac |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "watchOS versions ant\u00e9rieures \u00e0 3.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 10.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Pages versions ant\u00e9rieures \u00e0 3.1, Numbers versions ant\u00e9rieures \u00e0 3.1 et Keynote versions ant\u00e9rieures \u00e0 3.1 pour iOS",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Yosemite sans le Security Update 2017-001",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Server versions ant\u00e9rieures \u00e0 5.3",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sierra versions ant\u00e9rieures \u00e0 10.12.4",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS El Capitan sans le Security Update 2017-001",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 10.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iCloud pour Windows versions ant\u00e9rieures \u00e0 6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 10.1",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Pages versions ant\u00e9rieures \u00e0 6.1, Numbers versions ant\u00e9rieures \u00e0 4.1 et Keynote versions ant\u00e9rieures \u00e0 7.1 pour Mac",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-2455",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2455"
},
{
"name": "CVE-2016-7922",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7922"
},
{
"name": "CVE-2016-7936",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7936"
},
{
"name": "CVE-2017-2464",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2464"
},
{
"name": "CVE-2017-2397",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2397"
},
{
"name": "CVE-2017-2414",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2414"
},
{
"name": "CVE-2017-2404",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2404"
},
{
"name": "CVE-2017-2376",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2376"
},
{
"name": "CVE-2017-6974",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6974"
},
{
"name": "CVE-2017-5203",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5203"
},
{
"name": "CVE-2016-7933",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7933"
},
{
"name": "CVE-2016-0736",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0736"
},
{
"name": "CVE-2017-5204",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5204"
},
{
"name": "CVE-2017-2400",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2400"
},
{
"name": "CVE-2017-5484",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5484"
},
{
"name": "CVE-2017-2413",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2413"
},
{
"name": "CVE-2017-2391",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2391"
},
{
"name": "CVE-2017-2420",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2420"
},
{
"name": "CVE-2017-2446",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2446"
},
{
"name": "CVE-2016-7993",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7993"
},
{
"name": "CVE-2016-7932",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7932"
},
{
"name": "CVE-2017-2431",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2431"
},
{
"name": "CVE-2017-2367",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2367"
},
{
"name": "CVE-2016-7973",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7973"
},
{
"name": "CVE-2016-8575",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8575"
},
{
"name": "CVE-2017-2418",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2418"
},
{
"name": "CVE-2017-2412",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2412"
},
{
"name": "CVE-2017-2426",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2426"
},
{
"name": "CVE-2017-2448",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2448"
},
{
"name": "CVE-2017-2462",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2462"
},
{
"name": "CVE-2016-9540",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9540"
},
{
"name": "CVE-2017-2452",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2452"
},
{
"name": "CVE-2017-2437",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2437"
},
{
"name": "CVE-2017-2423",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2423"
},
{
"name": "CVE-2017-2472",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2472"
},
{
"name": "CVE-2016-9643",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9643"
},
{
"name": "CVE-2016-1001",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1001"
},
{
"name": "CVE-2016-8574",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8574"
},
{
"name": "CVE-2017-2453",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2453"
},
{
"name": "CVE-2017-2487",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2487"
},
{
"name": "CVE-2017-5029",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5029"
},
{
"name": "CVE-2017-2396",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2396"
},
{
"name": "CVE-2017-2475",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2475"
},
{
"name": "CVE-2017-2481",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2481"
},
{
"name": "CVE-2017-5483",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5483"
},
{
"name": "CVE-2017-2440",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2440"
},
{
"name": "CVE-2017-2479",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2479"
},
{
"name": "CVE-2017-2468",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2468"
},
{
"name": "CVE-2017-2388",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2388"
},
{
"name": "CVE-2016-1015",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1015"
},
{
"name": "CVE-2017-2458",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2458"
},
{
"name": "CVE-2017-2471",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2471"
},
{
"name": "CVE-2016-7975",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7975"
},
{
"name": "CVE-2016-7986",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7986"
},
{
"name": "CVE-2017-2406",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2406"
},
{
"name": "CVE-2017-5485",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5485"
},
{
"name": "CVE-2017-2441",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2441"
},
{
"name": "CVE-2016-5636",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5636"
},
{
"name": "CVE-2017-2443",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2443"
},
{
"name": "CVE-2016-8740",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8740"
},
{
"name": "CVE-2016-7934",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7934"
},
{
"name": "CVE-2017-2463",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2463"
},
{
"name": "CVE-2017-2392",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2392"
},
{
"name": "CVE-2016-9533",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9533"
},
{
"name": "CVE-2017-2428",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2428"
},
{
"name": "CVE-2016-7928",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7928"
},
{
"name": "CVE-2017-2439",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2439"
},
{
"name": "CVE-2017-2408",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2408"
},
{
"name": "CVE-2017-2390",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2390"
},
{
"name": "CVE-2016-0751",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0751"
},
{
"name": "CVE-2017-2449",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2449"
},
{
"name": "CVE-2016-7927",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7927"
},
{
"name": "CVE-2017-2383",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2383"
},
{
"name": "CVE-2017-2483",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2483"
},
{
"name": "CVE-2007-6750",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6750"
},
{
"name": "CVE-2016-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2161"
},
{
"name": "CVE-2016-9536",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9536"
},
{
"name": "CVE-2017-2486",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2486"
},
{
"name": "CVE-2017-2465",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2465"
},
{
"name": "CVE-2017-2422",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2422"
},
{
"name": "CVE-2016-7974",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7974"
},
{
"name": "CVE-2017-2425",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2425"
},
{
"name": "CVE-2017-5341",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5341"
},
{
"name": "CVE-2017-2399",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2399"
},
{
"name": "CVE-2017-2389",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2389"
},
{
"name": "CVE-2017-2485",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2485"
},
{
"name": "CVE-2016-7935",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7935"
},
{
"name": "CVE-2017-2478",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2478"
},
{
"name": "CVE-2017-2467",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2467"
},
{
"name": "CVE-2016-5387",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5387"
},
{
"name": "CVE-2017-2435",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2435"
},
{
"name": "CVE-2016-9537",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9537"
},
{
"name": "CVE-2017-2407",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2407"
},
{
"name": "CVE-2017-2385",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2385"
},
{
"name": "CVE-2017-2424",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2424"
},
{
"name": "CVE-2017-2436",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2436"
},
{
"name": "CVE-2017-2454",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2454"
},
{
"name": "CVE-2016-7984",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7984"
},
{
"name": "CVE-2016-7585",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7585"
},
{
"name": "CVE-2016-9935",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9935"
},
{
"name": "CVE-2016-7931",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7931"
},
{
"name": "CVE-2017-2378",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2378"
},
{
"name": "CVE-2016-7939",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7939"
},
{
"name": "CVE-2017-2377",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2377"
},
{
"name": "CVE-2017-2402",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2402"
},
{
"name": "CVE-2017-2427",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2427"
},
{
"name": "CVE-2017-2473",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2473"
},
{
"name": "CVE-2017-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2398"
},
{
"name": "CVE-2017-2469",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2469"
},
{
"name": "CVE-2016-3619",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3619"
},
{
"name": "CVE-2017-2459",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2459"
},
{
"name": "CVE-2017-2386",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2386"
},
{
"name": "CVE-2017-2401",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2401"
},
{
"name": "CVE-2016-7923",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7923"
},
{
"name": "CVE-2017-2419",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2419"
},
{
"name": "CVE-2017-2474",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2474"
},
{
"name": "CVE-2016-7985",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7985"
},
{
"name": "CVE-2016-9539",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9539"
},
{
"name": "CVE-2017-2409",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2409"
},
{
"name": "CVE-2016-7992",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7992"
},
{
"name": "CVE-2017-2380",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2380"
},
{
"name": "CVE-2017-2484",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2484"
},
{
"name": "CVE-2017-2466",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2466"
},
{
"name": "CVE-2017-2393",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2393"
},
{
"name": "CVE-2017-2395",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2395"
},
{
"name": "CVE-2017-2445",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2445"
},
{
"name": "CVE-2016-7929",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7929"
},
{
"name": "CVE-2017-2442",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2442"
},
{
"name": "CVE-2017-2416",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2416"
},
{
"name": "CVE-2017-2444",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2444"
},
{
"name": "CVE-2017-2364",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2364"
},
{
"name": "CVE-2017-5342",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5342"
},
{
"name": "CVE-2017-2415",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2415"
},
{
"name": "CVE-2017-2379",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2379"
},
{
"name": "CVE-2017-2457",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2457"
},
{
"name": "CVE-2017-2434",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2434"
},
{
"name": "CVE-2017-2382",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2382"
},
{
"name": "CVE-2017-2381",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2381"
},
{
"name": "CVE-2017-2410",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2410"
},
{
"name": "CVE-2016-9586",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9586"
},
{
"name": "CVE-2017-2421",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2421"
},
{
"name": "CVE-2017-5205",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5205"
},
{
"name": "CVE-2016-7940",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7940"
},
{
"name": "CVE-2017-2438",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2438"
},
{
"name": "CVE-2017-2460",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2460"
},
{
"name": "CVE-2017-5482",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5482"
},
{
"name": "CVE-2016-7926",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7926"
},
{
"name": "CVE-2017-2403",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2403"
},
{
"name": "CVE-2017-2461",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2461"
},
{
"name": "CVE-2017-2384",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2384"
},
{
"name": "CVE-2017-5486",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5486"
},
{
"name": "CVE-2016-7937",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7937"
},
{
"name": "CVE-2016-7983",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7983"
},
{
"name": "CVE-2016-1016",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1016"
},
{
"name": "CVE-2016-9642",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9642"
},
{
"name": "CVE-2016-7925",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7925"
},
{
"name": "CVE-2017-2405",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2405"
},
{
"name": "CVE-2017-2417",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2417"
},
{
"name": "CVE-2017-2447",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2447"
},
{
"name": "CVE-2017-2482",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2482"
},
{
"name": "CVE-2017-2451",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2451"
},
{
"name": "CVE-2017-2430",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2430"
},
{
"name": "CVE-2016-7930",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7930"
},
{
"name": "CVE-2017-2456",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2456"
},
{
"name": "CVE-2016-7056",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7056"
},
{
"name": "CVE-2017-2432",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2432"
},
{
"name": "CVE-2016-8743",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8743"
},
{
"name": "CVE-2017-2470",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2470"
},
{
"name": "CVE-2016-9538",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9538"
},
{
"name": "CVE-2017-2476",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2476"
},
{
"name": "CVE-2016-7938",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7938"
},
{
"name": "CVE-2017-5202",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5202"
},
{
"name": "CVE-2016-1000",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000"
},
{
"name": "CVE-2017-2433",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2433"
},
{
"name": "CVE-2017-2450",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2450"
},
{
"name": "CVE-2017-2480",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2480"
},
{
"name": "CVE-2016-9535",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9535"
},
{
"name": "CVE-2016-7924",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7924"
},
{
"name": "CVE-2017-2429",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2429"
},
{
"name": "CVE-2017-2394",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2394"
}
],
"links": [],
"reference": "CERTFR-2017-AVI-092",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-03-28T00:00:00.000000"
},
{
"description": "ajout des informations li\u00e9es au bulletin de s\u00e9curit\u00e9 HT207607.",
"revision_date": "2017-03-29T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire,\nun d\u00e9ni de service \u00e0 distance et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207604 du 27 mars 2017",
"url": "https://support.apple.com/en-us/HT207604"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207607 du 28 mars 2017",
"url": "https://support.apple.com/en-us/HT207607"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207615 du 27 mars 2017",
"url": "https://support.apple.com/en-us/HT207615"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207602 du 27 mars 2017",
"url": "https://support.apple.com/en-us/HT207602"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207600 du 27 mars 2017",
"url": "https://support.apple.com/en-us/HT207600"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207595 du 27 mars 2017",
"url": "https://support.apple.com/en-us/HT207595"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207601 du 27 mars 2017",
"url": "https://support.apple.com/en-us/HT207601"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207617 du 27 mars 2017",
"url": "https://support.apple.com/en-us/HT207617"
}
]
}
VAR-201704-0809
Vulnerability from variot - Updated: 2023-12-18 10:45An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site. Apple macOS/iOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code or bypass security restrictions and perform unauthorized actions. This may aid in further attacks. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in the WebKit component of Apple iOS versions prior to 10.3 and Safari versions prior to 10.1
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0809",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iphone os",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.2.1"
},
{
"model": "safari",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.0.3"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.3 (ipad first 4 after generation )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.3 (iphone 5 or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.3 (ipod touch first 6 after generation )"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.0.3"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.2.1"
},
{
"model": "open source project webkit",
"scope": "eq",
"trust": 0.3,
"vendor": "webkit",
"version": "0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "16.10"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "16.04"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.12.3"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ipad",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "50"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "40"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "30"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.4.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.9"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.10"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10"
},
{
"model": "security update yosemite",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "2017-0010"
},
{
"model": "security update el capitan",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "2017-0010"
},
{
"model": "macos",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "10.12.4"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "10.3"
}
],
"sources": [
{
"db": "BID",
"id": "97147"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002339"
},
{
"db": "NVD",
"id": "CVE-2017-2486"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1265"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.2.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.0.3",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2486"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lokihardt of Google Project Zero, Lufeng Li of Qihoo 360 Vulcan Team, anonymous researcher.,redrain of light4freedom",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-1265"
}
],
"trust": 0.6
},
"cve": "CVE-2017-2486",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-2486",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-110689",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-2486",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-2486",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-1265",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-110689",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110689"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002339"
},
{
"db": "NVD",
"id": "CVE-2017-2486"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1265"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to spoof the address bar via a crafted web site. Apple macOS/iOS is prone to multiple security vulnerabilities. \nAttackers can exploit these issues to execute arbitrary code or bypass security restrictions and perform unauthorized actions. This may aid in further attacks. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in the WebKit component of Apple iOS versions prior to 10.3 and Safari versions prior to 10.1",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2486"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002339"
},
{
"db": "BID",
"id": "97147"
},
{
"db": "VULHUB",
"id": "VHN-110689"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-2486",
"trust": 2.8
},
{
"db": "BID",
"id": "97147",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1038138",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU90482935",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002339",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1265",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-110689",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110689"
},
{
"db": "BID",
"id": "97147"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002339"
},
{
"db": "NVD",
"id": "CVE-2017-2486"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1265"
}
]
},
"id": "VAR-201704-0809",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-110689"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T10:45:43.204000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht201222"
},
{
"title": "HT207617",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht207617"
},
{
"title": "HT207617",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht207617"
},
{
"title": "Apple macOS Sierra and iOS WebKit Fixes for component security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=68817"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002339"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1265"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-425",
"trust": 1.1
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110689"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002339"
},
{
"db": "NVD",
"id": "CVE-2017-2486"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/97147"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht207600"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht207617"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1038138"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2486"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu90482935/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2486"
},
{
"trust": 0.3,
"url": "https://www.apple.com/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/ios/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/macosx/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110689"
},
{
"db": "BID",
"id": "97147"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002339"
},
{
"db": "NVD",
"id": "CVE-2017-2486"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1265"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-110689"
},
{
"db": "BID",
"id": "97147"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002339"
},
{
"db": "NVD",
"id": "CVE-2017-2486"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1265"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-110689"
},
{
"date": "2017-03-27T00:00:00",
"db": "BID",
"id": "97147"
},
{
"date": "2017-04-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002339"
},
{
"date": "2017-04-02T01:59:03.967000",
"db": "NVD",
"id": "CVE-2017-2486"
},
{
"date": "2017-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1265"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-110689"
},
{
"date": "2017-06-08T08:02:00",
"db": "BID",
"id": "97147"
},
{
"date": "2017-04-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002339"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-2486"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1265"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-1265"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple iOS Used in etc. Webkit Vulnerable to address bar spoofing",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002339"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-1265"
}
],
"trust": 0.6
}
}
FKIE_CVE-2017-2486
Vulnerability from fkie_nvd - Published: 2017-04-02 01:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site.
References
| URL | Tags | ||
|---|---|---|---|
| product-security@apple.com | http://www.securityfocus.com/bid/97147 | Third Party Advisory, VDB Entry | |
| product-security@apple.com | http://www.securitytracker.com/id/1038138 | ||
| product-security@apple.com | https://support.apple.com/HT207600 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/HT207617 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97147 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038138 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT207600 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT207617 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "825911CC-F341-4198-B830-E7CF701BB88D",
"versionEndIncluding": "10.0.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A705829E-76A8-4AA8-8D82-037E4E8A52FC",
"versionEndIncluding": "10.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to spoof the address bar via a crafted web site."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 est\u00e1 afectado. Safari en versiones anteriores a 10.1 est\u00e1 afectado. El problema involucra al componente \"WebKit\". Esto permite a atacantes remotos suplantar la barra de direcciones a trav\u00e9s de un sitio web manipulado."
}
],
"id": "CVE-2017-2486",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-02T01:59:03.967",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97147"
},
{
"source": "product-security@apple.com",
"url": "http://www.securitytracker.com/id/1038138"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT207600"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT207617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97147"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1038138"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT207600"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT207617"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-425"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2017-2486
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2017-2486",
"description": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to spoof the address bar via a crafted web site.",
"id": "GSD-2017-2486"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2017-2486"
],
"details": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to spoof the address bar via a crafted web site.",
"id": "GSD-2017-2486",
"modified": "2023-12-13T01:21:05.873824Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-2486",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to spoof the address bar via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97147",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97147"
},
{
"name": "1038138",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038138"
},
{
"name": "https://support.apple.com/HT207600",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207600"
},
{
"name": "https://support.apple.com/HT207617",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207617"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.2.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.0.3",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-2486"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to spoof the address bar via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-425"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT207617",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT207617"
},
{
"name": "https://support.apple.com/HT207600",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT207600"
},
{
"name": "97147",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97147"
},
{
"name": "1038138",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id/1038138"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2019-10-03T00:03Z",
"publishedDate": "2017-04-02T01:59Z"
}
}
}
CNVD-2017-06750
Vulnerability from cnvd - Published: 2017-05-16
VLAI Severity ?
Title
Apple iOS webkit地址栏伪造漏洞
Description
Apple iOS是一款用于苹果智能设备的操作系统。
Apple iOS使用的Webkit用户接口地址栏存在伪造漏洞,允许攻击者构建恶意链接,诱使用户点击,可伪造地址栏。
Severity
中
Patch Name
Apple iOS webkit地址栏伪造漏洞的补丁
Patch Description
Apple iOS是一款用于苹果智能设备的操作系统。
Apple iOS使用的Webkit用户接口地址栏存在伪造漏洞,允许攻击者构建恶意链接,诱使用户点击,可伪造地址栏。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
用户可参考如下厂商提供的安全补丁以修复该漏洞: https://support.apple.com/zh-cn/HT207617
Reference
https://support.apple.com/zh-cn/HT207617
Impacted products
| Name | ['Apple Safari <10.1', 'Apple IOS <10.3'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2017-2486"
}
},
"description": "Apple iOS\u662f\u4e00\u6b3e\u7528\u4e8e\u82f9\u679c\u667a\u80fd\u8bbe\u5907\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nApple iOS\u4f7f\u7528\u7684Webkit\u7528\u6237\u63a5\u53e3\u5730\u5740\u680f\u5b58\u5728\u4f2a\u9020\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u6784\u5efa\u6076\u610f\u94fe\u63a5\uff0c\u8bf1\u4f7f\u7528\u6237\u70b9\u51fb\uff0c\u53ef\u4f2a\u9020\u5730\u5740\u680f\u3002",
"discovererName": "Apple",
"formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://support.apple.com/zh-cn/HT207617",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-06750",
"openTime": "2017-05-16",
"patchDescription": "Apple iOS\u662f\u4e00\u6b3e\u7528\u4e8e\u82f9\u679c\u667a\u80fd\u8bbe\u5907\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nApple iOS\u4f7f\u7528\u7684Webkit\u7528\u6237\u63a5\u53e3\u5730\u5740\u680f\u5b58\u5728\u4f2a\u9020\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u6784\u5efa\u6076\u610f\u94fe\u63a5\uff0c\u8bf1\u4f7f\u7528\u6237\u70b9\u51fb\uff0c\u53ef\u4f2a\u9020\u5730\u5740\u680f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Apple iOS webkit\u5730\u5740\u680f\u4f2a\u9020\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Apple Safari \u003c10.1",
"Apple IOS \u003c10.3"
]
},
"referenceLink": "https://support.apple.com/zh-cn/HT207617",
"serverity": "\u4e2d",
"submitTime": "2017-04-25",
"title": "Apple iOS webkit\u5730\u5740\u680f\u4f2a\u9020\u6f0f\u6d1e"
}
GHSA-348P-XJ72-P29J
Vulnerability from github – Published: 2022-05-13 01:44 – Updated: 2022-05-13 01:44
VLAI?
Details
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site.
Severity ?
6.5 (Medium)
{
"affected": [],
"aliases": [
"CVE-2017-2486"
],
"database_specific": {
"cwe_ids": [
"CWE-425"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-04-02T01:59:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to spoof the address bar via a crafted web site.",
"id": "GHSA-348p-xj72-p29j",
"modified": "2022-05-13T01:44:52Z",
"published": "2022-05-13T01:44:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2486"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT207600"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT207617"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/97147"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1038138"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…