cbcvebase.
CVE-2017-2464
published 2017-04-02

CVE-2017-2464: An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue…

PriorityP265high8.8CVSS 3.0
AVNACLPRNUIRSUCHIHAH
EXPLOIT
EPSS
9.28%
94.7th percentile
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Affected

7 ranges
VendorProductVersion rangeFixed in
appleios
appleiphone_os<= 10.2.1
applesafari<= 10.0.3
applesafari
appletvos<= 10.1.1
appletvos
debianwebkit2gtk< webkit2gtk 2.16.3-2 (bookworm)webkit2gtk 2.16.3-2 (bookworm)

Detection & IOCsextracted from sources · hover to see the quote

commandb.concat.apply(b, args);
  • Look for JavaScript triggering Array.prototype.splice to create large 'undecided' arrays (length 0xffffff00) followed by concat.apply with oversized argument arrays (~4096 elements), indicative of the heap memory corruption primitive.
  • The vulnerability is triggered via a crafted web site delivered to WebKit-based browsers (Safari < 10.1, iOS < 10.3, tvOS < 10.2); monitor for exploitation attempts targeting these user-agent strings in web traffic.
  • ·The exploit abuses JavaScript Array splice/concat on 'undecided' (uninitialized) arrays; detection rules targeting this pattern may produce false positives on legitimate heavy use of Array.prototype.concat.apply with large argument lists.
  • ·The vulnerability affects only unpatched WebKit-based products; fixed versions are iOS 10.3, Safari 10.1, and tvOS 10.2 — detections are only relevant against older, unpatched clients.

CVSS provenance

nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv8.8HIGH
vendor_debian8.8LOW
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.