7.5
CVSSv3

CVE-2017-2419

Published: 02/04/2017 Updated: 03/10/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

An issue exists in certain Apple products. iOS prior to 10.3 is affected. Safari prior to 10.1 is affected. The issue involves the "WebKit" component. It allows remote malicious users to bypass a Content Security Policy protection mechanism via unspecified vectors.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apple safari

apple iphone os

Vendor Advisories

An issue has been found in WebKit, allowing remote attackers to bypass a Content Security Policy protection mechanism via unspecified vectors ...
Several security issues were fixed in WebKitGTK+ ...

Github Repositories

Awesome CVE PoC ✍️ A curated list of CVE PoCs Here is a collection about Proof of Concepts of C

Awesome CVE PoC ✍️ A curated list of CVE PoCs Here is a collection about Proof of Concepts of C

✍️ A curated list of CVE PoCs.

Awesome CVE PoC ✍️ A curated list of CVE PoCs Here is a collection about Proof of Concepts of C

Recent Articles

Microsoft won't patch Edge browser content security bypass
The Register • Richard Chirgwin • 07 Sep 2017

Tells Cisco's Talos it's a feature, not a bug. Apple and Google disagree and fixed it

Which of Google, Apple and Microsoft think a content security bypass doesn't warrant a browser patch?
Thanks to Cisco Talos security bod Nicolai Grødum, who found the cross-site scripting bug that affects older Chrome and Safari plus current versions of Edge, we know the answer is "Microsoft".
Grødum posted news of Microsoft's attitude here, explaining that if you use Chrome 57.0.2987.98 or later, you're already protected against CVE-2017-5033. Ditto users of iOS later than 10.3 an...