CVE-2017-2498
https://notcve.org/view.php?id=CVE-2017-2498
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the "Security" component. It allows attackers to bypass intended access restrictions via an untrusted certificate. Se detectó un problema en ciertos productos de Apple. iOS anterior a versión 10.3.2 está afectado. El problema implica el componente "Security". • http://www.securityfocus.com/bid/98479 http://www.securitytracker.com/id/1038485 https://support.apple.com/HT207798 • CWE-295: Improper Certificate Validation •
CVE-2017-2510 – WebKit - 'enqueuePageshowEvent' / 'enqueuePopstateEvent' Universal Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-2510
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with pageshow events. Descubierto un problema en ciertos productos de Apple. • https://www.exploit-db.com/exploits/42067 http://www.securityfocus.com/bid/98474 http://www.securitytracker.com/id/1038487 https://security.gentoo.org/glsa/201706-15 https://support.apple.com/HT207798 https://support.apple.com/HT207804 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-2515 – WebKit - 'FrameLoader::clear' Stealing Variables via Page Navigation
https://notcve.org/view.php?id=CVE-2017-2515
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Un problema fue encontrado en ciertos productos de Apple. iOS versión anterior a 10.3.2 se ve afectado. • https://www.exploit-db.com/exploits/42068 http://www.securityfocus.com/bid/98473 http://www.securitytracker.com/id/1038487 https://security.gentoo.org/glsa/201706-15 https://support.apple.com/HT207798 https://support.apple.com/HT207801 https://support.apple.com/HT207804 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-2514 – Apple WebKit / Safari 10.0.3(12602.4.8) - 'WebCore::FrameView::scheduleRelayout' Use-After-Free
https://notcve.org/view.php?id=CVE-2017-2514
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Se descubrió un problema en ciertos productos de Apple. iOS anterior a versión 10.3.2 está afectado. • https://www.exploit-db.com/exploits/42063 http://www.securityfocus.com/bid/98474 http://www.securitytracker.com/id/1038487 https://security.gentoo.org/glsa/201706-15 https://support.apple.com/HT207798 https://support.apple.com/HT207804 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-2502
https://notcve.org/view.php?id=CVE-2017-2502
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "CoreAudio" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. Fue encontrado un problema en ciertos productos de Apple. iOS versión anterior a 10.3.2 se ve afectado. MacOS versión anterior a10.12.5 se ve afectado. • http://www.securityfocus.com/bid/98468 http://www.securitytracker.com/id/1038484 https://support.apple.com/HT207797 https://support.apple.com/HT207798 https://support.apple.com/HT207800 https://support.apple.com/HT207801 •