Information disclosure in tvOS - CVE-2017-2493
Published: April 3, 2018 / Updated: July 17, 2020
Vulnerability identifier: #VU31338
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2017-2493
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Apple Inc.
Affected software:
tvOS
tvOS
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted elements on a web site.
How to mitigate CVE-2017-2493
Install update from vendor's website.