Lucene search
Richard Zhu (fluorescence)ZDI-18-151HistoryFeb 07, 2018 - 12:00 a.m.
(Pwn2Own) Apple Safari UIProcess Out-Of-Bounds Access Privilege Escalation Vulnerability
2018-02-0700:00:00
Richard Zhu (fluorescence)
www.zerodayinitiative.com
38
0.002 Low
EPSS
Percentile
61.3%
This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Apple Safari. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of ResourceRequest objects. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code under the context of the user.
References
Related
nvd
nvd
CVE-2017-7172
2018-04-03 06:29:02
prion
prion
Memory corruption
2018-04-03 06:29:00
cvelist
cvelist
CVE-2017-7172
2018-04-03 06:00:00
cve
cve
CVE-2017-7172
2018-04-03 06:29:02
apple
apple
About the security content of iCloud for Windows 7.2 - Apple Support
2018-01-25 06:02:26
About the security content of iCloud for Windows 7.2
2017-12-13 00:00:00
About the security content of iTunes 12.7.2 for Windows - Apple Support
2018-10-18 05:09:28
kaspersky
kaspersky
KLA11279 Multiple vulnerabilities in Apple iTunes
2017-12-06 00:00:00
openvas
openvas
Apple Mac OS X Security Updates (HT208331)-02
2017-12-07 00:00:00
nessus
nessus
macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-002 and 2017-005)
2017-12-07 00:00:00
macOS 10.13.x < 10.13.2 Multiple Vulnerabilities (Meltdown)
2017-12-07 00:00:00