CVE-2017-2350
Apple Security Advisory 2017-01-23-4
Severity Score
Exploit Likelihood
Affected Versions
4Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2.1 está afectado. Safari en versiones anteriores a 10.0.3 está afectado. tvOS en versiones anteriores a 10.1.1 está afectado. El problema involucra al componente "WebKit". Esto permite a atacantes remotos eludir Same Origin Policy y obtener información sensible a través de un sito web manipulado.
A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-12-01 CVE Reserved
- 2017-01-24 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (6)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://security.gentoo.org/glsa/201706-15 | 2019-03-08 | |
| https://support.apple.com/HT207482 | 2019-03-08 | |
| https://support.apple.com/HT207484 | 2019-03-08 | |
| https://support.apple.com/HT207485 | 2019-03-08 |