Уязвимость выполнения произвольного кода и DoS атаки через повреждение памяти в компоненте WebKit при помощи специального веб-сайта в iOS, Safari, iCloud, iTunes, tvOS и watchOS
Описание
Обнаружена уязвимость в ряде продуктов Apple, связанная с компонентом "WebKit". Эта уязвимость позволяет злоумышленникам выполнять произвольный код или вызвать DoS атаку (повреждение памяти и аварийное завершение работы приложения) с помощью специально созданного веб-сайта.
Затронутые версии ПО
- iOS до версии 11.3
- Safari до версии 11.1
- iCloud до версии 7.4 на Windows
- iTunes до версии 12.7.4 на Windows
- tvOS до версии 11.3
- watchOS до версии 4.3
Тип уязвимости
- Удаленное выполнение кода
- DoS атака
Ссылки
- Third Party AdvisoryVDB Entry
- ExploitThird Party Advisory
- Third Party Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- ExploitThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- ExploitThird Party Advisory
- Third Party Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- ExploitThird Party AdvisoryVDB Entry
Уязвимые конфигурации
Одно из
Одновременно
Одновременно
EPSS
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
Связанные уязвимости
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
An issue was discovered in certain Apple products. iOS before 11.3 is ...
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
EPSS
8.8 High
CVSS3
6.8 Medium
CVSS2