CVE-2017-7089
moderate-risk
Published 2017-10-23
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that is mishandled during parent-tab processing.
Do I need to act?
4.5% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
1 public exploit available
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 6.1/10 · Medium · NETWORK / LOW complexity
Affected Vendors
References (12)
Third Party Advisory
http://www.securityfocus.com/bid/100893
Third Party Advisory
http://www.securitytracker.com/id/1039384
Third Party Advisory
http://www.securitytracker.com/id/1039385
Vendor Advisory
https://support.apple.com/HT208112
Vendor Advisory
https://support.apple.com/HT208116
Vendor Advisory
https://support.apple.com/HT208142
43 / 100 · moderate-risk
Severity
23/34 · High
Exploitability
8/34 · Low
Exposure
12/34 · Low