CVE-2017-2471
published 2017-04-02

Priority: P262 · high · 8.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 8.51% (94.4th percentile)

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. watchOS before 3.2 is affected. The issue involves the "WebKit" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code via a crafted web site.

Affected

7 ranges
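| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | | |
| apple | iphone_os | | |
| apple | safari | | |
| apple | safari | | |
| apple | watchos | | |
| apple | watchos | | |
| debian | webkit2gtk | < webkit2gtk 2.14.6-1 (bookworm) | webkit2gtk 2.14.6-1 (bookworm) |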

Detection & IOCs (extracted from sources)

  • other: `* { -webkit-border-image: url(#foo) 1 5 1 63 repeat; -webkit-flow-into: foo }`
  • command: `document.execCommand("selectAll", false)`
  • command: `table.deleteCaption()`

  • The use-after-free is triggered via a crafted web page combining CSS `-webkit-border-image` with `-webkit-flow-into` on a table element, followed by `document.execCommand('selectAll')`, slot reassignment, and `table.deleteCaption()` to free the caption node while a reference is still held.
  • The garbage collector is deliberately triggered in a loop after `deleteCaption()` to force the UAF condition; monitor for tight JS loops immediately following DOM table caption deletion combined with CSS named flows.
  • The exploit PoC targets a debug/ASan build of WebKit from the Project Zero researcher's local environment; offsets and framework paths in the stack trace are build-specific and not directly applicable to production Apple binaries.
  • Affected versions are iOS before 10.3, Safari before 10.1, and watchOS before 3.2; systems patched to these versions or later are not vulnerable.

CVSS provenance

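| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | | 8.8 | HIGH | |
| vendor_debian | | 8.8 | LOW | |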