Multiple vulnerabilities in Apple Safari
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 15 |
| CVE-ID | CVE-2017-13783 CVE-2017-13784 CVE-2017-13785 CVE-2017-13788 CVE-2017-13789 CVE-2017-13790 CVE-2017-13791 CVE-2017-13792 CVE-2017-13793 CVE-2017-13794 CVE-2017-13795 CVE-2017-13796 CVE-2017-13798 CVE-2017-13802 CVE-2017-13803 |
| CWE-ID | CWE-119 CWE-200 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #3 is available. Public exploit code for vulnerability #7 is available. Public exploit code for vulnerability #8 is available. Public exploit code for vulnerability #10 is available. Public exploit code for vulnerability #11 is available. Public exploit code for vulnerability #12 is available. Public exploit code for vulnerability #13 is available. Public exploit code for vulnerability #14 is available. |
| Vulnerable software Subscribe |
Apple Safari Client/Desktop applications / Web browsers |
| Vendor | Apple Inc. |
Security Bulletin
This security bulletin contains information about 15 vulnerabilities.
1) Memory corruption
EUVDB-ID: #VU9026
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-13783
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to memory handling error in the WebKit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Update to version 11.1.
Vulnerable software versionsApple Safari: 10.1.0 - 10.1.2
External linkshttp://support.apple.com/en-us/HT208223
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Memory corruption
EUVDB-ID: #VU9027
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-13784
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to memory handling error in the WebKit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Update to version 11.1.
Vulnerable software versionsApple Safari: 10.1.0 - 10.1.2
External linkshttp://support.apple.com/en-us/HT208223
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Memory corruption
EUVDB-ID: #VU9028
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-13785
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to memory handling error in the WebKit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Update to version 11.1.
Vulnerable software versionsApple Safari: 10.1.0 - 10.1.2
External linkshttp://support.apple.com/en-us/HT208223
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) Memory corruption
EUVDB-ID: #VU9029
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-13788
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to memory handling error in the WebKit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Update to version 11.1.
Vulnerable software versionsApple Safari: 10.1.0 - 10.1.2
External linkshttp://support.apple.com/en-us/HT208223
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Spoofing attack
EUVDB-ID: #VU9041
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-13789
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to unknown error. A remote attacker can trick the victim into visiting a specially crafted website and spoof address bar.
Successful exploitation of this vulnerability may result in information disclosure or malicious actions execution.
MitigationUpdate to version 11.1.
Apple Safari: 10.1.0 - 10.1.2
External linkshttp://support.apple.com/en-us/HT208223
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Spoofing attack
EUVDB-ID: #VU9040
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-13790
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to unknown error. A remote attacker can trick the victim into visiting a specially crafted website and spoof address bar.
Successful exploitation of this vulnerability may result in information disclosure or malicious actions execution.
MitigationUpdate to version 11.1.
Apple Safari: 10.1.0 - 10.1.2
External linkshttp://support.apple.com/en-us/HT208223
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Memory corruption
EUVDB-ID: #VU9030
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-13791
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to memory handling error in the WebKit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Update to version 11.1.
Vulnerable software versionsApple Safari: 10.1.0 - 10.1.2
External linkshttp://support.apple.com/en-us/HT208223
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
8) Memory corruption
EUVDB-ID: #VU9031
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-13792
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to memory handling error in the WebKit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Update to version 11.1.
Vulnerable software versionsApple Safari: 10.1.0 - 10.1.2
External linkshttp://support.apple.com/en-us/HT208223
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
9) Memory corruption
EUVDB-ID: #VU9032
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-13793
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to memory handling error in the WebKit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Update to version 11.1.
Vulnerable software versionsApple Safari: 10.1.0 - 10.1.2
External linkshttp://support.apple.com/en-us/HT208223
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Memory corruption
EUVDB-ID: #VU9033
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-13794
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to memory handling error in the WebKit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Update to version 11.1.
Vulnerable software versionsApple Safari: 10.1.0 - 10.1.2
External linkshttp://support.apple.com/en-us/HT208223
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
11) Memory corruption
EUVDB-ID: #VU9034
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-13795
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to memory handling error in the WebKit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Update to version 11.1.
Vulnerable software versionsApple Safari: 10.1.0 - 10.1.2
External linkshttp://support.apple.com/en-us/HT208223
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
12) Memory corruption
EUVDB-ID: #VU9035
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-13796
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to memory handling error in the WebKit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Update to version 11.1.
Vulnerable software versionsApple Safari: 10.1.0 - 10.1.2
External linkshttp://support.apple.com/en-us/HT208223
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
13) Memory corruption
EUVDB-ID: #VU9036
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-13798
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to memory handling error in the WebKit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Update to version 11.1.
Vulnerable software versionsApple Safari: 10.1.0 - 10.1.2
External linkshttp://support.apple.com/en-us/HT208223
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
14) Memory corruption
EUVDB-ID: #VU9037
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-13802
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to memory handling error in the WebKit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Update to version 11.1.
Vulnerable software versionsApple Safari: 10.1.0 - 10.1.2
External linkshttp://support.apple.com/en-us/HT208223
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
15) Memory corruption
EUVDB-ID: #VU9038
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-13803
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to memory handling error in the WebKit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Update to version 11.1.
Vulnerable software versionsApple Safari: 10.1.0 - 10.1.2
External linkshttp://support.apple.com/en-us/HT208223
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
