An issue exists in certain Apple products. iOS prior to 10.3.3 is affected. Safari prior to 10.1.2 is affected. iCloud prior to 6.2.2 on Windows is affected. iTunes prior to 12.6.2 on Windows is affected. tvOS prior to 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote malicious users to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apple safari |
||
apple iphone os |
||
apple tvos |
||
apple icloud |
||
apple itunes |
||
apple webkit - |
Project Zero, GCHQ, and city of Mishawaka, Indiana among credited bug-hunters
Apple has today released patches addressing roughly four dozen exploitable security vulnerabilities in iOS, macOS, and WatchOS. The iOS 10.3.3 update resolves 47 flaws for the iPhone, iPad and iPod Touch, including multiple remote code execution holes in the WebKit browser engine. Fixes were also posted for the Apple Watch's WatchOS firmware. Of the CVE-listed flaws in the update, 23 were found in WebKit, the browser engine Apple uses for iOS and Safari. Those include 16 memory corruption errors...