CVE-2017-2457

Published: 02/04/2017 Updated: 16/08/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

An issue exists in certain Apple products. iOS prior to 10.3 is affected. Safari prior to 10.1 is affected. The issue involves the "WebKit" component. It allows remote malicious users to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Vulnerable Product

apple safari

apple iphone os

Vendor Advisories

An issue has been found in WebKit, allowing remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site ...
About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, see the Apple Product Security page. You can encrypt ...
Several security issues were fixed in WebKitGTK+ ...
Arch Linux Security Advisory ASA-201704-9
Severity: Critical
Date: 2017-04-28
CVE-ID: CVE-2016-9642 CVE-2016-9643 CVE-2017-2367 CVE-2017-2376 CVE-2017-2377 CVE-2017-2386 CVE-2017-2392 CVE-2017-2394 CVE-2017-2395 CVE-2017-2396 CVE-2017-2405 CVE-2017-2415 CVE-2017-2419 CVE ...

Exploits

<!--
Source: bugs.chromium.org/p/project-zero/issues/detail?id=1085

EncodedJSValue JSC_HOST_CALL constructJSReadableStreamDefaultReader(ExecState& exec)
{
    VM& vm = exec.vm();
    auto scope = DECLARE_THROW_SCOPE(vm);

    JSReadableStream* stream = jsDynamicDowncast<JSReadableStream*>(exec.argument(0));
    if (!stream ...

Mailing Lists

WebKit suffers from a type confusion vulnerability in constructJSReadableStreamDefaultReader ...