Published: 20/07/2017 Updated: 10/05/2019

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

An issue exists in certain Apple products. iOS prior to 10.3.3 is affected. Safari prior to 10.1.2 is affected. iCloud prior to 6.2.2 on Windows is affected. iTunes prior to 12.6.2 on Windows is affected. The issue involves the "WebKit" component. It allows malicious users to bypass intended memory-read restrictions via a crafted app.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apple itunes
apple iphone os
apple safari
apple icloud

Several security issues were fixed in WebKitGTK+ ...

An information disclosure issue has been found in WebKitGTK+ <= 2165, where an application may be able to read restricted memory ...

<!-- Source: bugschromiumorg/p/project-zero/issues/detail?id=1236 WebKit: JSC: JSArray::appendMemcpy uninitialized memory copy Here's a snippet of JSArray::appendMemcpy bool JSArray::appendMemcpy(ExecState* exec, VM& vm, unsigned startIndex, JSC::JSArray* otherArray) { auto scope = DECLARE_THROW_SCOPE(vm); if (!canFast ...

WebKit suffers from a JSC JSArray::appendMemcpy uninitialized memory copy vulnerability ...

CWE-20 https://support.apple.com/HT207928 https://support.apple.com/HT207927 https://support.apple.com/HT207923 https://support.apple.com/HT207921 http://www.securitytracker.com/id/1038950 http://www.securityfocus.com/bid/99890 https://www.exploit-db.com/exploits/42375/https://nvd.nist.gov https://usn.ubuntu.com/3376-1/https://www.exploit-db.com/exploits/42375/

CVE-2017-7064

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect