Lucene search
Chaitin Security Research LabZDI-17-366HistoryMay 30, 2017 - 12:00 a.m.
(Pwn2Own) Apple Safari WebSQL optimize Type Confusion Remote Code Execution Vulnerability
2017-05-3000:00:00
Chaitin Security Research Lab
www.zerodayinitiative.com
44
EPSS
0.016
Percentile
87.6%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of WebSQL. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process.
References
Related
cve
cve
CVE-2017-6983
2017-05-22 05:29:02
ubuntucve
ubuntucve
CVE-2017-6983
2017-05-22 00:00:00
cvelist
cvelist
CVE-2017-6983
2017-05-22 04:54:00
prion
prion
Memory corruption
2017-05-22 05:29:00
nvd
nvd
CVE-2017-6983
2017-05-22 05:29:02
openvas
openvas
Apple Mac OS X Multiple Vulnerabilities (HT207797)
2017-05-16 00:00:00
nessus
nessus
macOS 10.12.x < 10.12.5 Multiple Vulnerabilities
2017-05-18 00:00:00
Apple iOS < 10.3.2 Multiple Vulnerabilities
2017-05-18 00:00:00
apple
apple
About the security content of macOS Sierra 10.12.5, Security Update 2017-002 El Capitan, and Security Update 2017-002 Yosemite - Apple Support
2017-06-08 09:43:12
About the security content of macOS Sierra 10.12.5, Security Update 2017-002 El Capitan, and Security Update 2017-002 Yosemite
2017-05-15 00:00:00
About the security content of iOS 10.3.2
2017-05-15 00:00:00
androidsecurity
androidsecurity
Android Security Bulletin—September 2017
2017-09-05 00:00:00