CVE-2017-7106
medium
CVSS v3
6.5
CVSS v2
4.3
VIR risk
6.5
Description
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar.
Predictions
Exploit likelihood
75%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: product-security@apple.com — https://support.apple.com/HT208142
Vendor advisory: product-security@apple.com — https://support.apple.com/HT208116
Vendor advisory: product-security@apple.com — https://support.apple.com/HT208112
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| macos | affected | |
References
- http://www.securityfocus.com/bid/100893
- http://www.securitytracker.com/id/1039384
- http://www.securitytracker.com/id/1039385
- https://support.apple.com/HT208112
- https://support.apple.com/HT208116
- https://support.apple.com/HT208142
- http://www.securityfocus.com/bid/100893
- http://www.securitytracker.com/id/1039384
- http://www.securitytracker.com/id/1039385
- https://support.apple.com/HT208112
- https://support.apple.com/HT208116
- https://support.apple.com/HT208142
CWEs
CWE-20
Verify integrity in audit chain (admin only). AS-IS.