Apple Safari CVE-2017-2491 Use After Free Remote Code Execution Vulnerability



Apple Safari is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause a denial-of-service condition.

Information

Bugtraq ID: 98316
Class: Design Error
CVE: CVE-2017-2491

Remote: Yes
Local: No
Published: May 04 2017 12:00AM
Updated: May 05 2017 04:06PM
Credit: Samuel GroÃ? and Niklas Baumstark.
Vulnerable: Apple macOS 10.12.4
Apple Mac Os X 10.11.6
Apple Mac Os X 10.10.5
Apple iPod Touch 0
Apple iPhone 0
Apple iPad 0
Apple iOS 5 0
Apple iOS 4 0
Apple iOS 3 0
Apple iOS 10.2.1
Apple iOS 10.0.1
Apple iOS 9.3.4
Apple iOS 9.3.3
Apple iOS 9.3.2
Apple iOS 9.3.1
Apple iOS 9.2.1
Apple iOS 9.0.2
Apple iOS 9.0.1
Apple iOS 8.4.1
Apple iOS 7.2
Apple iOS 7.0.6
Apple iOS 7.0.5
Apple iOS 7.0.3
Apple iOS 7.0.2
Apple iOS 7.0.1
Apple iOS 6.3.1
Apple iOS 6.1.6
Apple iOS 6.1.4
Apple iOS 6.1.3
Apple iOS 4.2.1
Apple iOS 4.0.2
Apple iOS 4.0.1
Apple iOS 3.2.2
Apple iOS 3.2.1
Apple iOS 9.3.5
Apple iOS 9.3
Apple iOS 9.2
Apple iOS 9.1
Apple iOS 9
Apple iOS 8.4
Apple iOS 8.3
Apple iOS 8.2
Apple iOS 8.1.3
Apple iOS 8.1.2
Apple iOS 8.1.1
Apple iOS 8.1
Apple iOS 8
Apple iOS 7.1.2
Apple iOS 7.1.1
Apple iOS 7.1
Apple iOS 7.0.4
Apple iOS 7
Apple iOS 6.1
Apple iOS 6.0.2
Apple iOS 6.0.1
Apple iOS 6
Apple iOS 5.1.1
Apple iOS 5.1
Apple iOS 5.0.1
Apple iOS 5
Apple iOS 4.3.5
Apple iOS 4.3.4
Apple iOS 4.3.3
Apple iOS 4.3.2
Apple iOS 4.3.1
Apple iOS 4.3
Apple iOS 4.2.9
Apple iOS 4.2.8
Apple iOS 4.2.7
Apple iOS 4.2.6
Apple iOS 4.2.5
Apple iOS 4.2.10
Apple iOS 4.2
Apple iOS 4.1
Apple iOS 4
Apple iOS 3.2
Apple iOS 3.1
Apple iOS 3.0
Apple iOS 2.1
Apple iOS 2.0
Apple iOS 10.3.1
Apple iOS 10.2
Apple iOS 10.1
Apple iOS 10


Not Vulnerable: Apple iOS 10.3


Exploit


The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.


Related Posts

Comments