8.8
CVSSv3

CVE-2017-2369

Published: 20/02/2017 Updated: 21/11/2024

Vulnerability Summary

An issue exists in certain Apple products. iOS prior to 10.2.1 is affected. Safari prior to 10.0.3 is affected. tvOS prior to 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote malicious users to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apple iphone os

apple safari

apple tvos

webkitgtk webkitgtk+

Vendor Advisories

Several security issues were fixed in WebKitGTK+ ...
Several memory corruption issues have been found in WebKitGTK+ before 2144, leading to arbitrary code execution while processing maliciously crafted web content ...

Exploits

<!-- Source: bugschromiumorg/p/project-zero/issues/detail?id=999 --> <keygen id="keygen_element" style="position:absolute; height: 100px; width: 100px;"> <script> var range = documentcaretRangeFromPoint(50, 50); var shadow_tree_container = rangecommonAncestorContainer; shadow_tree_containerprepend("foo"); keygen_elem ...
Apple WebKit suffers from a HTMLKeygenElement type confusion vulnerability ...