CVE-2017-2460
published 2017-04-02

Priority: P2 63 · Severity: high · CVSS 3.0: 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Exploit: yes
EPSS: 6.74% (93.1 percentile)

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Affected (7 ranges)

Vendor   Product     Version range                            Fixed in
apple    ios
apple    iphone_os   <= 10.2.1
apple    safari      <= 10.0.3
apple    safari
apple    tvos        <= 10.1.1
apple    tvos
debian   webkit2gtk  < webkit2gtk 2.14.6-1 (bookworm)         webkit2gtk 2.14.6-1 (bookworm)

Detection & IOCs (extracted from sources)

  • The vulnerability is triggered via a crafted web page that manipulates form submission with autofocus and DOM manipulation to cause a use-after-free in WebKit's FormSubmission::create / HTMLFormElement::submit code path. Detection should focus on WebKit crashes or memory corruption originating from HTMLFormElement::submit or FormSubmission::create.
  • The exploit PoC uses JavaScript to set input.autofocus=true, append an input element to a form's output, and call form.submit() inside a load event handler — monitor for suspicious JS patterns combining autofocus assignment, dynamic DOM appendChild, and programmatic form.submit() calls.
  • Affected versions are iOS before 10.3, Safari before 10.1, and tvOS before 10.2. The Debian WebKitGTK fix is in version 2.14.6-1. Ensure patched versions are deployed before relying solely on detection.

CVSS provenance

Source         Version  Score  Severity  Vector
nvd            v3.0     8.8    HIGH      CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd            v2.0     6.8    MEDIUM    AV:N/AC:M/Au:N/C:P/I:P/A:P
osv                     8.8    HIGH
vendor_debian           8.8    LOW