CVE-2017-7006
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct a timing side-channel attack to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that uses SVG filters.
Se ha descubierto un problema en ciertos productos de Apple. Las versiones anteriores a la 10.3.3 de iOS se han visto afectadas, así como Safari en versiones anteriores a la 10.1.2 y tvOS en versiones anteriores a la 10.2.2. El problema está relacionado con el componente \"WebKit\". Esto permite que atacantes remotos lleven a cabo un ataque de sincronización de canal lateral para omitir la política del mismo origen y obtener información sensible mediante un sitio web manipulado que utilice filtros SVG.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-03-17 CVE Reserved
- 2017-07-20 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-203: Observable Discrepancy
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/99886 | Third Party Advisory | |
| http://www.securitytracker.com/id/1038950 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://security.gentoo.org/glsa/201710-14 | 2019-10-03 | |
| https://support.apple.com/HT207921 | 2019-10-03 | |
| https://support.apple.com/HT207923 | 2019-10-03 | |
| https://support.apple.com/HT207924 | 2019-10-03 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | < 10.1.2 Search vendor "Apple" for product "Safari" and version " < 10.1.2" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | < 10.3.3 Search vendor "Apple" for product "Iphone Os" and version " < 10.3.3" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Tvos Search vendor "Apple" for product "Tvos" | < 10.2.2 Search vendor "Apple" for product "Tvos" and version " < 10.2.2" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Webkit Search vendor "Apple" for product "Webkit" | - | - |
Affected
| ||||||