CVE-2017-2378
Apple Security Advisory 2017-03-27-4
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves bookmark creation in the "WebKit" component. It allows remote attackers to execute arbitrary code or spoof a bookmark by leveraging mishandling of links during drag-and-drop actions.
Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.3 está afectado. Safari en versiones anteriores a 10.1 está afectado. El problema involucra la creación de marcadores en el componente "WebKit". Esto permite a atacantes remotos ejecutar código arbitrario o suplantar un marcador aprovechando el manejo incorrecto de enlaces durante las acciones de arrastrar y soltar.
iOS 10.3 is now available and addresses code execution, information disclosure, denial of service, and various other vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-12-01 CVE Reserved
- 2017-03-27 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/97129 | Third Party Advisory | |
| http://www.securitytracker.com/id/1038137 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://support.apple.com/HT207600 | 2017-07-12 | |
| https://support.apple.com/HT207617 | 2017-07-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | <= 10.0.3 Search vendor "Apple" for product "Safari" and version " <= 10.0.3" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | <= 10.2.1 Search vendor "Apple" for product "Iphone Os" and version " <= 10.2.1" | - |
Affected
| ||||||