PT-2017-15431 · Apple · Webkit+2

Niklas Baumstark

+1

·

Publicado

2017-05-22

·

Atualizado

2017-08-13

·

CVE-2017-2528

CVSS v3.1

6.1

Média

VetorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions iOS versions prior to 10.3.2 Safari versions prior to 10.1.1
Description The issue involves the WebKit component and allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with cached frames.
Recommendations For iOS versions prior to 10.3.2, update to version 10.3.2 or later. For Safari versions prior to 10.1.1, update to version 10.1.1 or later.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2017-2528

Produtos afetados

Safari
Webkit
Ios