Errata ALT-PU-2017-1162-1: Information
Fixes
Published: Feb. 20, 2017
BDU:2017-00394
Уязвимость операционной системы iOS, мультимедийного проигрывателя iTunes, браузера Safari, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
Severity: MEDIUM (6.8)
Links:
Published: Feb. 20, 2017
BDU:2017-00400
Уязвимость операционной системы iOS, мультимедийного проигрывателя iTunes, браузера Safari, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
Severity: MEDIUM (6.8)
Links:
Published: Feb. 20, 2017
BDU:2017-00404
Уязвимость браузера Safari, операционной системы iOS, мультимедийного проигрывателя iTunes, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
Severity: MEDIUM (6.8)
Links:
Published: Feb. 20, 2017
BDU:2017-00406
Уязвимость браузера Safari, операционной системы iOS, мультимедийного проигрывателя iTunes, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
Severity: MEDIUM (6.8)
Links:
Published: Feb. 20, 2017
BDU:2017-00410
Уязвимость браузера Safari, мультимедийного проигрывателя iTunes, операционной системы iOS, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
Severity: MEDIUM (6.8)
Links:
Published: Feb. 20, 2017
BDU:2017-00413
Уязвимость мультимедийного проигрывателя iTunes, операционной системы iOS, браузера Safari, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
Severity: MEDIUM (6.8)
Links:
Published: Feb. 20, 2017
BDU:2017-00467
Уязвимость браузера Safari, мультимедийного проигрывателя iTunes, операционной системы iOS, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
Severity: MEDIUM (6.8)
Links:
Published: Feb. 20, 2017
BDU:2017-00469
Уязвимость браузера Safari, мультимедийного проигрывателя iTunes, операционной системы iOS, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
Severity: MEDIUM (6.8)
Links:
Published: Feb. 20, 2017
BDU:2017-00478
Уязвимость операционной системы iOS, мультимедийного проигрывателя iTunes и браузера Safari, позволяющая нарушителю получить конфиденциальную информацию или обойти существующую политику ограничения доступа
Severity: MEDIUM (4.3)
Links:
Published: Feb. 20, 2017
BDU:2017-00484
Уязвимость операционной системы iOS, мультимедийного проигрывателя iTunes и браузера Safari , позволяющая нарушителю получить конфиденциальную информацию
Severity: MEDIUM (4.3)
Links:
Published: Feb. 20, 2017
BDU:2017-00486
Уязвимость операционной системы iOS, мультимедийного проигрывателя iTunes и браузера Safari, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
Severity: MEDIUM (6.8)
Links:
Published: Feb. 20, 2017
BDU:2017-00489
Уязвимость операционной системы iOS, мультимедийного проигрывателя iTunes и браузера Safari, позволяющая нарушителю получить конфиденциальную информацию
Severity: MEDIUM (4.3)
Links:
Published: Feb. 20, 2017
BDU:2017-00497
Уязвимость браузера Safari и операционной системы iOS, позволяющая нарушителю получить конфиденциальную информацию
Severity: MEDIUM (4.3)
Links:
Published: Jan. 22, 2020
Modified: July 10, 2020
Modified: July 10, 2020
CVE-2016-4761
WebKitGTK+ before 2.14.0: A use-after-free vulnerability can allow remote attackers to cause a DoS
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Feb. 20, 2017
Modified: July 27, 2017
Modified: July 27, 2017
CVE-2016-7586
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information via a crafted web site.
Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: Feb. 20, 2017
Modified: Oct. 30, 2018
Modified: Oct. 30, 2018
CVE-2016-7589
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. watchOS before 3.1.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Feb. 20, 2017
Modified: July 27, 2017
Modified: July 27, 2017
CVE-2016-7592
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component, which allows remote attackers to obtain sensitive information via crafted JavaScript prompts on a web site.
Severity: MEDIUM (4.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Links:
Published: Feb. 20, 2017
Modified: July 27, 2017
Modified: July 27, 2017
CVE-2016-7599
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that uses HTTP redirects.
Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: Feb. 20, 2017
Modified: July 27, 2017
Modified: July 27, 2017
CVE-2016-7623
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information via a blob URL on a web site.
Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: Feb. 20, 2017
Modified: July 27, 2017
Modified: July 27, 2017
CVE-2016-7632
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Feb. 20, 2017
Modified: July 27, 2017
Modified: July 27, 2017
CVE-2016-7635
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Feb. 20, 2017
Modified: July 27, 2017
Modified: July 27, 2017
CVE-2016-7639
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Feb. 20, 2017
Modified: July 27, 2017
Modified: July 27, 2017
CVE-2016-7641
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Feb. 20, 2017
Modified: July 27, 2017
Modified: July 27, 2017
CVE-2016-7645
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Feb. 20, 2017
Modified: July 27, 2017
Modified: July 27, 2017
CVE-2016-7652
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Feb. 20, 2017
Modified: July 27, 2017
Modified: July 27, 2017
CVE-2016-7654
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Feb. 20, 2017
Modified: July 27, 2017
Modified: July 27, 2017
CVE-2016-7656
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Feb. 20, 2017
Modified: March 9, 2019
Modified: March 9, 2019
CVE-2017-2350
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: Feb. 20, 2017
Modified: March 9, 2019
Modified: March 9, 2019
CVE-2017-2354
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Feb. 20, 2017
Modified: March 13, 2019
Modified: March 13, 2019
CVE-2017-2355
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access and application crash) via a crafted web site.
Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Feb. 20, 2017
Modified: March 11, 2019
Modified: March 11, 2019
CVE-2017-2356
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Feb. 20, 2017
Modified: Sept. 1, 2017
Modified: Sept. 1, 2017
CVE-2017-2362
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Feb. 20, 2017
Modified: March 11, 2019
Modified: March 11, 2019
CVE-2017-2363
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: Feb. 20, 2017
Modified: Aug. 16, 2017
Modified: Aug. 16, 2017
CVE-2017-2364
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: Feb. 20, 2017
Modified: March 9, 2019
Modified: March 9, 2019
CVE-2017-2365
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
Published: Feb. 20, 2017
Modified: July 26, 2017
Modified: July 26, 2017
CVE-2017-2366
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Feb. 20, 2017
Modified: March 9, 2019
Modified: March 9, 2019
CVE-2017-2369
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Feb. 20, 2017
Modified: Jan. 23, 2020
Modified: Jan. 23, 2020
CVE-2017-2371
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the "WebKit" component, which allows remote attackers to launch popups via a crafted web site.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Links:
Published: Feb. 20, 2017
Modified: March 8, 2019
Modified: March 8, 2019
CVE-2017-2373
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links: