Lucene search

Kaspersky LabKLA11146

HistoryOct 31, 2017 - 12:00 a.m.

KLA11146 Multiple vulnerabilities in Apple Safari

2017-10-3100:00:00

Kaspersky Lab

threats.kaspersky.com

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

0.702 High

EPSS

Percentile

98.0%

JSON

Multiple serious vulnerabilities have been found in Apple Safari. Vulnerabilities in the WebKit componenent can be exploited remotely via crafted web site to execute arbitrary code.

Original advisories

About the security content of Safari 11.0.1

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Apple-Safari

CVE list

CVE-2017-13784 high

CVE-2017-13785 high

CVE-2017-13791 high

CVE-2017-13792 high

CVE-2017-13794 high

CVE-2017-13795 high

CVE-2017-13796 high

CVE-2017-13797 high

CVE-2017-13798 high

CVE-2017-13802 high

CVE-2017-13783 high

Solution

Update to the latest version

Download Safari

Impacts

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.