CVE-2017-2393

Name of the Vulnerable Software and Affected Versions iOS versions prior to 10.3

Description The issue concerns the Safari Reader component and is due to the lack of protection for the web page structure. This allows a remote attacker to conduct a Universal XSS (UXSS) attack using a specially crafted website. UXSS stands for Universal Cross-Site Scripting, which is a type of attack that allows an attacker to inject malicious scripts into a website, potentially affecting all users of the site.

Recommendations For iOS versions prior to 10.3, update to a version 10.3 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the Safari Reader component until a patch is available. Restrict access to specially crafted web sites to minimize the risk of exploitation.