CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2017-2526 – Apple Safari RenderInline Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-2526
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Se descubrió un problema en ciertos productos de Apple. iOS anterior a versión 10.3.2 está afectado. • http://www.securityfocus.com/bid/98474 http://www.securitytracker.com/id/1038487 https://security.gentoo.org/glsa/201706-15 https://support.apple.com/HT207798 https://support.apple.com/HT207804 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2017-2506 – Apple Safari RenderElement Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-2506
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Se detectó un problema en ciertos productos de Apple. iOS anterior a versión 10.3.2 está afectado. • http://www.securityfocus.com/bid/98474 http://www.securitytracker.com/id/1038487 https://security.gentoo.org/glsa/201706-15 https://support.apple.com/HT207798 https://support.apple.com/HT207804 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 1CVE-2017-2491 – Apple Safari String replace Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-2491
Use after free vulnerability in the String.replace method JavaScriptCore in Apple Safari in iOS before 10.3 allows remote attackers to execute arbitrary code via a crafted web page, or a crafted file. Una vulnerabilidad de uso de la memoria previamente liberada en el método String.replace de JavaScriptCore en Apple Safari en iOS anterior a la versión 10.3, permite a atacantes remotos ejecutar código arbitrario por medio de una página web especialmente diseñada, o un archivo especialmente diseñado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the String.replace method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. • https://www.exploit-db.com/exploits/41964 http://www.securityfocus.com/bid/98316 http://www.zerodayinitiative.com/advisories/ZDI-17-321 https://support.apple.com/en-us/HT207617 • CWE-416: Use After Free •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2017-6975
https://notcve.org/view.php?id=CVE-2017-6975
Wi-Fi in Apple iOS before 10.3.1 does not prevent CVE-2017-6956 stack buffer overflow exploitation via a crafted access point. NOTE: because an operating system could potentially isolate itself from CVE-2017-6956 exploitation without patching Broadcom firmware functions, there is a separate CVE ID for the operating-system behavior. Wi-Fi en Apple iOS en versiones anteriores a 10.3.1 no evita la explotación de desbordamiento de búfer de pila de la CVE-2017-6956 a través de un punto de acceso manipulado. NOTA: dado que un sistema operativo podría potencialmente aislarse de la explotación de CVE-2017-6956 sin parches de funciones de firmware de Broadcom, hay un CVE ID independiente para el comportamiento del sistema operativo. • http://seclists.org/fulldisclosure/2019/May/24 http://www.securityfocus.com/bid/97328 http://www.securitytracker.com/id/1038172 https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html https://seclists.org/bugtraq/2019/May/30 https://support.apple.com/HT207688 https://support.apple.com/kb/HT210121 https://twitter.com/4Dgifts/status/849268365457850370 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2434
https://notcve.org/view.php?id=CVE-2017-2434
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "HomeKit" component. It allows attackers to have an unspecified impact by leveraging the presence of Home Control on Control Center. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. El problema involucra al componente "HomeKit". • http://www.securityfocus.com/bid/97138 http://www.securitytracker.com/id/1038139 https://support.apple.com/HT207617 • CWE-20: Improper Input Validation •