CVE-2017-7110
https://notcve.org/view.php?id=CVE-2017-7110
An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic. Se ha descubierto un problema en ciertos productos Apple. Se han visto afectadas las versiones de iOS anteriores a la 11, las versiones de tvOS anteriores a la 11 y las versiones de watchOS anteriores a la 4. • http://www.securityfocus.com/bid/100927 http://www.securitytracker.com/id/1039385 https://bugs.chromium.org/p/project-zero/issues/detail?id=1313 https://support.apple.com/HT208112 https://support.apple.com/HT208113 https://support.apple.com/HT208115 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-7072
https://notcve.org/view.php?id=CVE-2017-7072
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "iBooks" component. It allows remote attackers to cause a denial of service (persistent outage) via a crafted iBooks file. Se ha descubierto un problema en ciertos productos Apple. Se han visto afectadas las versiones de iOS anteriores a la 11. • http://www.securityfocus.com/bid/100892 http://www.securitytracker.com/id/1039385 https://support.apple.com/HT208112 • CWE-20: Improper Input Validation •
CVE-2017-7106
https://notcve.org/view.php?id=CVE-2017-7106
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar. Se ha descubierto un problema en ciertos productos Apple. • http://www.securityfocus.com/bid/100893 http://www.securitytracker.com/id/1039384 http://www.securitytracker.com/id/1039385 https://support.apple.com/HT208112 https://support.apple.com/HT208116 https://support.apple.com/HT208142 • CWE-20: Improper Input Validation •
CVE-2017-7097
https://notcve.org/view.php?id=CVE-2017-7097
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Mail MessageUI" component. It allows attackers to cause a denial of service (memory corruption) via a crafted image. Se ha descubierto un problema en ciertos productos Apple. Se han visto afectadas las versiones de iOS anteriores a la 11. • http://www.securityfocus.com/bid/100929 http://www.securitytracker.com/id/1039385 https://support.apple.com/HT208112 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-7089 – Webkit (Safari) - Universal Cross-site Scripting
https://notcve.org/view.php?id=CVE-2017-7089
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that is mishandled during parent-tab processing. Se ha descubierto un problema en ciertos productos Apple. • https://www.exploit-db.com/exploits/45866 https://github.com/Bo0oM/CVE-2017-7089 http://www.securityfocus.com/bid/100893 http://www.securitytracker.com/id/1039384 http://www.securitytracker.com/id/1039385 https://support.apple.com/HT208112 https://support.apple.com/HT208116 https://support.apple.com/HT208142 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •