CVE-2017-2471

high

Description

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. watchOS before 3.2 is affected. The issue involves the "WebKit" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code via a crafted web site.

References

http://www.securityfocus.com/bid/97133

http://www.securitytracker.com/id/1038137

https://bugs.chromium.org/p/project-zero/issues/detail?id=1105

https://security.gentoo.org/glsa/201706-15

https://support.apple.com/HT207600

https://support.apple.com/HT207602

https://support.apple.com/HT207617

https://www.exploit-db.com/exploits/41813/

Details

Source: MITRE

Published: 2017-04-02

Updated: 2017-08-16

Type: CWE-416

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH