CVE-2017-7157
moderate-risk
Published 2017-12-27
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Do I need to act?
~
2.0% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10
High
NETWORK
/ LOW complexity
Affected Vendors
References (18)
Third Party Advisory
http://www.securityfocus.com/bid/102181
Third Party Advisory
http://www.securitytracker.com/id/1040012
Third Party Advisory
http://www.securitytracker.com/id/1040013
Third Party Advisory
https://security.gentoo.org/glsa/201801-09
Vendor Advisory
https://support.apple.com/HT208324
Vendor Advisory
https://support.apple.com/HT208326
Vendor Advisory
https://support.apple.com/HT208327
Vendor Advisory
https://support.apple.com/HT208328
Vendor Advisory
https://support.apple.com/HT208334
Third Party Advisory
http://www.securityfocus.com/bid/102181
Third Party Advisory
http://www.securitytracker.com/id/1040012
Third Party Advisory
http://www.securitytracker.com/id/1040013
Third Party Advisory
https://security.gentoo.org/glsa/201801-09
Vendor Advisory
https://support.apple.com/HT208324
Vendor Advisory
https://support.apple.com/HT208326
Vendor Advisory
https://support.apple.com/HT208327
Vendor Advisory
https://support.apple.com/HT208328
Vendor Advisory
https://support.apple.com/HT208334
48
/ 100
moderate-risk
Severity
30/34 · Critical
Exploitability
5/34 · Minimal
Exposure
13/34 · Low