Details of VAR-201704-0816

ID

VAR-201704-0816

CVE

CVE-2017-2442

TITLE

Apple iOS and Safari Used in etc. WebKit JavaScript Bindings Vulnerabilities that bypass the same origin policy in components

Trust: 0.8

sources: JVNDB: JVNDB-2017-002439

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit JavaScript Bindings" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. Apple iOS and Safari Used in etc. Attackers can exploit these issues to conduct spoofing attacks, execute arbitrary code, bypass security restrictions, gain sensitive information and cause denial-of-service conditions. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. Attackers can use malicious web content to exploit this vulnerability to cause data leakage. =========================================================================== Ubuntu Security Notice USN-3257-1 April 10, 2017 webkit2gtk vulnerabilities =========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.10 - Ubuntu 16.04 LTS Summary: Several security issues were fixed in WebKitGTK+. Software Description: - webkit2gtk: Web content engine library for GTK+ Details: A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.10: libjavascriptcoregtk-4.0-18 2.16.1-0ubuntu0.16.10.1 libwebkit2gtk-4.0-37 2.16.1-0ubuntu0.16.10.1 Ubuntu 16.04 LTS: libjavascriptcoregtk-4.0-18 2.16.1-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37 2.16.1-0ubuntu0.16.04.1 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK+, such as Epiphany, to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-3257-1 CVE-2016-9642, CVE-2016-9643, CVE-2017-2364, CVE-2017-2367, CVE-2017-2376, CVE-2017-2377, CVE-2017-2386, CVE-2017-2392, CVE-2017-2394, CVE-2017-2395, CVE-2017-2396, CVE-2017-2405, CVE-2017-2415, CVE-2017-2419, CVE-2017-2433, CVE-2017-2442, CVE-2017-2445, CVE-2017-2446, CVE-2017-2447, CVE-2017-2454, CVE-2017-2455, CVE-2017-2457, CVE-2017-2459, CVE-2017-2460, CVE-2017-2464, CVE-2017-2465, CVE-2017-2466, CVE-2017-2468, CVE-2017-2469, CVE-2017-2470, CVE-2017-2471, CVE-2017-2475, CVE-2017-2476, CVE-2017-2481 Package Information: https://launchpad.net/ubuntu/+source/webkit2gtk/2.16.1-0ubuntu0.16.10.1 https://launchpad.net/ubuntu/+source/webkit2gtk/2.16.1-0ubuntu0.16.04.1 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201706-15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: WebKitGTK+: Multiple vulnerabilities Date: June 07, 2017 Bugs: #543650, #573656, #577068, #608958, #614876, #619788 ID: 201706-15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in WebKitGTK+, the worst of which allows remote attackers to execute arbitrary code. Background ========== WebKitGTK+ is a full-featured port of the WebKit rendering engine. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/webkit-gtk < 2.16.3 >= 2.16.3 Description =========== Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All WebKitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.16.3:4" References ========== [ 1 ] CVE-2015-2330 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2330 [ 2 ] CVE-2015-7096 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7096 [ 3 ] CVE-2015-7098 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7098 [ 4 ] CVE-2016-1723 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1723 [ 5 ] CVE-2016-1724 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1724 [ 6 ] CVE-2016-1725 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1725 [ 7 ] CVE-2016-1726 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1726 [ 8 ] CVE-2016-1727 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1727 [ 9 ] CVE-2016-1728 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1728 [ 10 ] CVE-2016-4692 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4692 [ 11 ] CVE-2016-4743 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4743 [ 12 ] CVE-2016-7586 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7586 [ 13 ] CVE-2016-7587 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7587 [ 14 ] CVE-2016-7589 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7589 [ 15 ] CVE-2016-7592 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7592 [ 16 ] CVE-2016-7598 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7598 [ 17 ] CVE-2016-7599 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7599 [ 18 ] CVE-2016-7610 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7610 [ 19 ] CVE-2016-7611 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7611 [ 20 ] CVE-2016-7623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7623 [ 21 ] CVE-2016-7632 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7632 [ 22 ] CVE-2016-7635 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7635 [ 23 ] CVE-2016-7639 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7639 [ 24 ] CVE-2016-7640 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7640 [ 25 ] CVE-2016-7641 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7641 [ 26 ] CVE-2016-7642 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7642 [ 27 ] CVE-2016-7645 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7645 [ 28 ] CVE-2016-7646 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7646 [ 29 ] CVE-2016-7648 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7648 [ 30 ] CVE-2016-7649 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7649 [ 31 ] CVE-2016-7652 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7652 [ 32 ] CVE-2016-7654 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7654 [ 33 ] CVE-2016-7656 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7656 [ 34 ] CVE-2016-9642 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9642 [ 35 ] CVE-2016-9643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9643 [ 36 ] CVE-2017-2350 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2350 [ 37 ] CVE-2017-2354 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2354 [ 38 ] CVE-2017-2355 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2355 [ 39 ] CVE-2017-2356 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2356 [ 40 ] CVE-2017-2362 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2362 [ 41 ] CVE-2017-2363 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2363 [ 42 ] CVE-2017-2364 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2364 [ 43 ] CVE-2017-2365 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2365 [ 44 ] CVE-2017-2366 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2366 [ 45 ] CVE-2017-2367 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2367 [ 46 ] CVE-2017-2369 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2369 [ 47 ] CVE-2017-2371 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2371 [ 48 ] CVE-2017-2373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2373 [ 49 ] CVE-2017-2376 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2376 [ 50 ] CVE-2017-2377 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2377 [ 51 ] CVE-2017-2386 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2386 [ 52 ] CVE-2017-2392 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2392 [ 53 ] CVE-2017-2394 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2394 [ 54 ] CVE-2017-2395 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2395 [ 55 ] CVE-2017-2396 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2396 [ 56 ] CVE-2017-2405 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2405 [ 57 ] CVE-2017-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2415 [ 58 ] CVE-2017-2419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2419 [ 59 ] CVE-2017-2433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2433 [ 60 ] CVE-2017-2442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2442 [ 61 ] CVE-2017-2445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2445 [ 62 ] CVE-2017-2446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2446 [ 63 ] CVE-2017-2447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2447 [ 64 ] CVE-2017-2454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2454 [ 65 ] CVE-2017-2455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2455 [ 66 ] CVE-2017-2457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2457 [ 67 ] CVE-2017-2459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2459 [ 68 ] CVE-2017-2460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2460 [ 69 ] CVE-2017-2464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2464 [ 70 ] CVE-2017-2465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2465 [ 71 ] CVE-2017-2466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2466 [ 72 ] CVE-2017-2468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2468 [ 73 ] CVE-2017-2469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2469 [ 74 ] CVE-2017-2470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2470 [ 75 ] CVE-2017-2471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2471 [ 76 ] CVE-2017-2475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2475 [ 77 ] CVE-2017-2476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2476 [ 78 ] CVE-2017-2481 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2481 [ 79 ] CVE-2017-2496 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2496 [ 80 ] CVE-2017-2504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2504 [ 81 ] CVE-2017-2505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2505 [ 82 ] CVE-2017-2506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2506 [ 83 ] CVE-2017-2508 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2508 [ 84 ] CVE-2017-2510 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2510 [ 85 ] CVE-2017-2514 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2514 [ 86 ] CVE-2017-2515 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2515 [ 87 ] CVE-2017-2521 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2521 [ 88 ] CVE-2017-2525 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2525 [ 89 ] CVE-2017-2526 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2526 [ 90 ] CVE-2017-2528 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2528 [ 91 ] CVE-2017-2530 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2530 [ 92 ] CVE-2017-2531 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2531 [ 93 ] CVE-2017-2536 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2536 [ 94 ] CVE-2017-2539 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2539 [ 95 ] CVE-2017-2544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2544 [ 96 ] CVE-2017-2547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2547 [ 97 ] CVE-2017-2549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2549 [ 98 ] CVE-2017-6980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6980 [ 99 ] CVE-2017-6984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6984 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201706-15 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 --NcNxMnppmhackEL27c23XhPLDAAQ7GQcq-- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-03-27-2 Safari 10.1 Safari 10.1 is now available and addresses the following: CoreGraphics Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved input validation. CVE-2017-2444: Mei Wang of 360 GearTeam Safari Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4 Impact: Visiting a malicious website may lead to address bar spoofing Description: A state management issue was addressed by disabling text input until the destination page loads. CVE-2017-2376: Chris Hlady of Google Inc, Muneaki Nishimura (nishimunea) of Recruit Technologies Co., Ltd., Yuyang Zhou of Tencent Security Platform Department (security.tencent.com), Michal Zalewski of Google Inc, an anonymous researcher, an anonymous researcher Safari Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4 Impact: Processing maliciously crafted web content may present authentication sheets over arbitrary web sites Description: A spoofing issue existed in the handling of HTTP authentication. This issue was addressed through making HTTP authentication sheets non-modal. CVE-2017-2389: ShenYeYinJiu of Tencent Security Response Center, TSRC Safari Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4 Impact: Visiting a malicious website by clicking a link may lead to user interface spoofing Description: A spoofing issue existed in the handling of FaceTime prompts. This issue was addressed through improved input validation. CVE-2017-2453: xisigr of Tencent's Xuanwu Lab (tencent.com) Safari Login AutoFill Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4 Impact: A local user may be able to access locked keychain items Description: A keychain handling issue was addressed through improved keychain item management. CVE-2017-2385: Simon Woodside of MedStack WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4 Impact: Dragging and dropping a maliciously crafted link may lead to bookmark spoofing or arbitrary code execution Description: A validation issue existed in bookmark creation. This issue was addressed through improved input validation. CVE-2017-2378: xisigr of Tencent's Xuanwu Lab (tencent.com) WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4 Impact: Processing maliciously crafted web content may exfiltrate data cross-origin Description: A prototype access issue was addressed through improved exception handling. CVE-2017-2386: André Bargull WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved input validation. CVE-2016-9642: Gustavo Grieco CVE-2017-2394: Apple CVE-2017-2396: Apple WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2017-2395: Apple CVE-2017-2454: Ivan Fratric of Google Project Zero CVE-2017-2455: Ivan Fratric of Google Project Zero CVE-2017-2459: Ivan Fratric of Google Project Zero CVE-2017-2460: Ivan Fratric of Google Project Zero CVE-2017-2464: Natalie Silvanovich of Google Project Zero, Jeonghoon Shin CVE-2017-2465: Zheng Huang and Wei Yuan of Baidu Security Lab CVE-2017-2466: Ivan Fratric of Google Project Zero CVE-2017-2468: lokihardt of Google Project Zero CVE-2017-2469: lokihardt of Google Project Zero CVE-2017-2470: lokihardt of Google Project Zero CVE-2017-2476: Ivan Fratric of Google Project Zero CVE-2017-2481: 0011 working with Trend Micro's Zero Day Initiative WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed through improved memory handling. CVE-2017-2415: Kai Kang of Tencent's Xuanwu Lab (tentcent.com) WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4 Impact: Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy Description: An access issue existed in Content Security Policy. This issue was addressed through improved access restrictions. CVE-2017-2419: Nicolai Grødum of Cisco Systems WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4 Impact: Processing maliciously crafted web content may lead to high memory consumption Description: An uncontrolled resource consumption issue was addressed through improved regex processing. CVE-2016-9643: Gustavo Grieco WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4 Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: An information disclosure issue existed in the processing of OpenGL shaders. This issue was addressed through improved memory management. CVE-2017-2424: Paul Thomson (using the GLFuzz tool) of the Multicore Programming Group, Imperial College London WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2433: Apple WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4 Impact: Processing maliciously crafted web content may exfiltrate data cross-origin Description: Multiple validation issues existed in the handling of page loading. This issue was addressed through improved logic. CVE-2017-2364: lokihardt of Google Project Zero WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4 Impact: A malicious website may exfiltrate data cross-origin Description: A validation issue existed in the handling of page loading. This issue was addressed through improved logic. CVE-2017-2367: lokihardt of Google Project Zero WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4 Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue existed in the handling of frame objects. This issue was addressed with improved state management. CVE-2017-2445: lokihardt of Google Project Zero WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A logic issue existed in the handling of strict mode functions. This issue was addressed with improved state management. CVE-2017-2446: Natalie Silvanovich of Google Project Zero WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4 Impact: Visiting a maliciously crafted website may compromise user information Description: A memory corruption issue was addressed through improved memory handling. CVE-2017-2447: Natalie Silvanovich of Google Project Zero WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed through improved memory management. CVE-2017-2471: Ivan Fratric of Google Project Zero WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4 Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue existed in frame handling. This issue was addressed through improved state management. CVE-2017-2475: lokihardt of Google Project Zero WebKit JavaScript Bindings Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4 Impact: Processing maliciously crafted web content may exfiltrate data cross-origin Description: Multiple validation issues existed in the handling of page loading. This issue was addressed through improved logic. CVE-2017-2442: lokihardt of Google Project Zero WebKit Web Inspector Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4 Impact: Closing a window while paused in the debugger may lead to unexpected application termination Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2377: Vicki Pfau WebKit Web Inspector Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2405: Apple Installation note: Safari 10.1 may be obtained from the Mac App Store. Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCgAGBQJY2Yo6AAoJEIOj74w0bLRGhF4QALEOLTqQHF6gZnvahvF3wasA 86D3oE4LHUVVSiRq5qLr0mT2Tm4/qQEwDrbUgA7lqR5jJ1ZxB+6cNJf8AeGYwSYs NYx3kzhSV6y2Bw98JE3NIPbEsnYNKyYK6ExJLpwHbt1a9HdU+VY8Z4tJiEs3pCRW ndC6znbfia9p9PkLcv+mwkCrGQetgjuTzEofPoUPy1EKvexWiKImrlhtDlNSPP2I b1v7puQfGTH2iGecMvCIENTyNW7OOmRwN7bzs7S5m+ztGBq1Ti6auAT/59mSD5HI CQgqfTYPvvIN6oowMiGsy5l5uIAXF7/5eP9jyf2ygewGvVY26gum/PGskhWERRHl RwYOwCs5EEfPRj0z2m+8BcRe5YVfrB8A1mSHkPQU+UaScwYxh0kjN9fsQPT1PCSd Ks8H+1FVgcbTH2zp4bYPgdupyerX8Dh2cC3Doaemp4qW0d+/v5mhSPHq4zIBQoJ6 C5TsVM7JyVOMHXHGpWooyPDVVtzb5/ve0UgCqJ1rTFEzOFuJN313hP5f00woguTY 4B0NV+XlVrfmk3CWy7vx0grs5vKC6Vgz8rDilLeBfmVqUlZ4Hn75W24pEHIa24sB lPDffw4xrnGYFASDRC/Ch464/myq9TIETzTkW5zzLw4jLnIAXjpPWusiT6gKdQP8 GmR5lxoaaeZxH8hQc5ui =p/K5 -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/

Trust: 2.34

sources: NVD: CVE-2017-2442 // JVNDB: JVNDB-2017-002439 // BID: 97129 // VULHUB: VHN-110645 // VULMON: CVE-2017-2442 // PACKETSTORM: 142073 // PACKETSTORM: 142825 // PACKETSTORM: 141878

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lte	version:	10.2.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	lte	version:	10.0.3	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	10.0.3	Trust: 0.9
vendor:	apple	model:	ios	scope:	lt	version:	10.3 (ipad first 4 after generation )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	10.3 (iphone 5 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	10.3 (ipod touch first 6 after generation )	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	10.1 (macos sierra 10.12.4)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	10.1 (os x el capitan v10.11.6)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	10.1 (os x yosemite v10.10.5)	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	10.2.1	Trust: 0.6
vendor:	apple	model:	safari	scope:	eq	version:	7.1.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	ne	version:	10.1	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	10.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2.6	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.1.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	9.1.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	ne	version:	10.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	9.1.1	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	9.1	Trust: 0.3
vendor:	ubuntu	model:	linux	scope:	eq	version:	16.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.0.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	ne	version:	11.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.1.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	9.0.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.0.5	Trust: 0.3
vendor:	gentoo	model:	linux	scope:	-	version:	-	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0.8	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2.2	Trust: 0.3
vendor:	ubuntu	model:	linux lts	scope:	eq	version:	16.04	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2.7	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2.8	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1.7	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	9.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.2.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	11.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.1	Trust: 0.3

sources: BID: 97129 // JVNDB: JVNDB-2017-002439 // CNNVD: CNNVD-201703-1352 // NVD: CVE-2017-2442

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-2442
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-2442
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201703-1352
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-110645
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2017-2442
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-2442
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-110645
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-2442
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-110645 // VULMON: CVE-2017-2442 // JVNDB: JVNDB-2017-002439 // CNNVD: CNNVD-201703-1352 // NVD: CVE-2017-2442

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-110645 // JVNDB: JVNDB-2017-002439 // NVD: CVE-2017-2442

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 142073 // PACKETSTORM: 142825 // CNNVD: CNNVD-201703-1352

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201703-1352

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-002439

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-110645 // VULMON: CVE-2017-2442

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	HT207600	url:	https://support.apple.com/en-us/HT207600	Trust: 0.8
title:	HT207617	url:	https://support.apple.com/en-us/HT207617	Trust: 0.8
title:	HT207600	url:	https://support.apple.com/ja-jp/HT207600	Trust: 0.8
title:	HT207617	url:	https://support.apple.com/ja-jp/HT207617	Trust: 0.8
title:	Apple iOS and Safari WebKit JavaScript Bindings Fixes for component security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68879	Trust: 0.6
title:	Arch Linux Issues:	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2017-2442	Trust: 0.1
title:	Apple: Safari 10.1	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=5c4ba20f7a3a0bac6dc3db074ec0daa4	Trust: 0.1
title:	Ubuntu Security Notice: webkit2gtk vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3257-1	Trust: 0.1
title:	Apple: iOS 10.3	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=e3eec66a6152b7f2dac0fe21bb8ee9cd	Trust: 0.1
title:	Arch Linux Advisories: [ASA-201704-9] webkit2gtk: multiple issues	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201704-9	Trust: 0.1
title:	tensorflow	url:	https://github.com/elmasryelec/tensorflow	Trust: 0.1
title:	uxss-db	url:	https://github.com/Metnew/uxss-db	Trust: 0.1
title:	uxss-db	url:	https://github.com/0xR0/uxss-db	Trust: 0.1
title:	Exp101tsArchiv30thers	url:	https://github.com/nu11secur1ty/Exp101tsArchiv30thers	Trust: 0.1
title:	awesome-cve-poc_qazbnm456	url:	https://github.com/xbl3/awesome-cve-poc_qazbnm456	Trust: 0.1

sources: VULMON: CVE-2017-2442 // JVNDB: JVNDB-2017-002439 // CNNVD: CNNVD-201703-1352

EXTERNAL IDS

db:	NVD	id:	CVE-2017-2442	Trust: 3.2
db:	BID	id:	97129	Trust: 2.1
db:	EXPLOIT-DB	id:	41800	Trust: 1.2
db:	SECTRACK	id:	1038137	Trust: 1.2
db:	JVN	id:	JVNVU90482935	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-002439	Trust: 0.8
db:	CNNVD	id:	CNNVD-201703-1352	Trust: 0.7
db:	PACKETSTORM	id:	141959	Trust: 0.1
db:	SEEBUG	id:	SSVID-92882	Trust: 0.1
db:	VULHUB	id:	VHN-110645	Trust: 0.1
db:	VULMON	id:	CVE-2017-2442	Trust: 0.1
db:	PACKETSTORM	id:	142073	Trust: 0.1
db:	PACKETSTORM	id:	142825	Trust: 0.1
db:	PACKETSTORM	id:	141878	Trust: 0.1

sources: VULHUB: VHN-110645 // VULMON: CVE-2017-2442 // BID: 97129 // JVNDB: JVNDB-2017-002439 // PACKETSTORM: 142073 // PACKETSTORM: 142825 // PACKETSTORM: 141878 // CNNVD: CNNVD-201703-1352 // NVD: CVE-2017-2442

REFERENCES

url:	http://www.securityfocus.com/bid/97129	Trust: 1.9
url:	https://support.apple.com/ht207600	Trust: 1.8
url:	https://support.apple.com/ht207617	Trust: 1.8
url:	https://www.exploit-db.com/exploits/41800/	Trust: 1.3
url:	https://security.gentoo.org/glsa/201706-15	Trust: 1.3
url:	http://www.securitytracker.com/id/1038137	Trust: 1.2
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2442	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2442	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu90482935/index.html	Trust: 0.8
url:	https://www.apple.com/	Trust: 0.3
url:	http://www.apple.com/ios/	Trust: 0.3
url:	http://www.apple.com/safari/	Trust: 0.3
url:	https://lists.apple.com/archives/security-announce/2017/dec/msg00009.html	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2459	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2405	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2395	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2376	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-9642	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2396	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2446	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2445	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2364	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2419	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2367	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2460	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2433	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2455	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2377	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2454	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2415	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2394	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2447	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2386	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-9643	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://usn.ubuntu.com/3257-1/	Trust: 0.1
url:	https://tools.cisco.com/security/center/viewalert.x?alertid=53194	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/webkit2gtk/2.16.1-0ubuntu0.16.10.1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2465	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2464	Trust: 0.1
url:	http://www.ubuntu.com/usn/usn-3257-1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2466	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2392	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/webkit2gtk/2.16.1-0ubuntu0.16.04.1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2468	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2457	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7096	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2394	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7652	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2363	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2457	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2386	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7587	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2350	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2366	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7589	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2466	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2475	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7586	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7654	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2442	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7646	Trust: 0.1
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7586	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7641	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2367	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1724	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7599	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2373	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2530	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2459	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7611	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7598	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7611	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2465	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-6980	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1725	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1727	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2454	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2455	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1727	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7656	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2544	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2354	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9643	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4692	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2447	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2377	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2464	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7632	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1728	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2470	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7648	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2365	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2506	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7646	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1728	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7589	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7587	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2549	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2471	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2526	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7639	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1726	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4743	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7598	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2514	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2515	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2521	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7641	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2539	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2369	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7632	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7640	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1724	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2460	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2371	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7623	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2419	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2481	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7635	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7645	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2364	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2469	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7096	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7642	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1725	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2468	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7645	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2505	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2510	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1723	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7610	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-6984	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7610	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2330	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4692	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2547	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7098	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2476	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2376	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7640	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1723	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2405	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2395	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7639	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2362	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7599	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2396	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7649	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2525	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2433	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7098	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9642	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2445	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2356	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7623	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2504	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2508	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2531	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2528	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4743	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7635	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2496	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7642	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1726	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2392	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2446	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2355	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7592	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2536	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-2330	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7592	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2415	Trust: 0.1
url:	https://support.apple.com/kb/ht201222	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2453	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2444	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2389	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2378	Trust: 0.1
url:	http://seclists.org/fulldisclosure/	Trust: 0.1
url:	https://nmap.org/mailman/listinfo/fulldisclosure	Trust: 0.1
url:	https://www.apple.com/support/security/pgp/	Trust: 0.1
url:	http://gpgtools.org	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2385	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2424	Trust: 0.1

CREDITS

ShenYeYinJiu of Tencent Security Response Center, TSRC, Nicolai Gr??dum of Cisco Systems, Paul Thomson (using the GLFuzz tool) of the Multicore Programming Group, Imperial College London, lokihardt of Google Project Zero, xisigr of Tencent's Xuanwu Lab (t

Trust: 0.6

sources: CNNVD: CNNVD-201703-1352

SOURCES

db:	VULHUB	id:	VHN-110645
db:	VULMON	id:	CVE-2017-2442
db:	BID	id:	97129
db:	JVNDB	id:	JVNDB-2017-002439
db:	PACKETSTORM	id:	142073
db:	PACKETSTORM	id:	142825
db:	PACKETSTORM	id:	141878
db:	CNNVD	id:	CNNVD-201703-1352
db:	NVD	id:	CVE-2017-2442

LAST UPDATE DATE

2024-11-23T20:45:35.906000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-110645	date:	2017-08-16T00:00:00
db:	VULMON	id:	CVE-2017-2442	date:	2017-08-16T00:00:00
db:	BID	id:	97129	date:	2017-12-19T22:38:00
db:	JVNDB	id:	JVNDB-2017-002439	date:	2017-04-13T00:00:00
db:	CNNVD	id:	CNNVD-201703-1352	date:	2017-03-31T00:00:00
db:	NVD	id:	CVE-2017-2442	date:	2024-11-21T03:23:31.993

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-110645	date:	2017-04-02T00:00:00
db:	VULMON	id:	CVE-2017-2442	date:	2017-04-02T00:00:00
db:	BID	id:	97129	date:	2017-03-27T00:00:00
db:	JVNDB	id:	JVNDB-2017-002439	date:	2017-04-13T00:00:00
db:	PACKETSTORM	id:	142073	date:	2017-04-11T02:53:36
db:	PACKETSTORM	id:	142825	date:	2017-06-07T14:18:30
db:	PACKETSTORM	id:	141878	date:	2017-03-27T00:00:00
db:	CNNVD	id:	CNNVD-201703-1352	date:	2017-03-31T00:00:00
db:	NVD	id:	CVE-2017-2442	date:	2017-04-02T01:59:02.293