CVE-2017-2480: An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected…

CVE-2017-2480 [MEDIUM] CVE-2017-2480: iCloud for Windows 6.2 Apple Security Update: About the security content of iCloud for Windows 6.2 Product: iCloud for Windows Version: 6.2 CVE: CVE-2017-2480 Component: WebKit Impact: Processing maliciously crafted web content may exfiltrate data cross-origin Description: A validation issue existed in element handling. This issue was addressed through improved validation.

CVE-2017-2480 [MEDIUM] CVE-2017-2480: Safari 10.1 Apple Security Update: About the security content of Safari 10.1 Product: Safari Version: 10.1 CVE: CVE-2017-2480 Component: WebKit Impact: Processing maliciously crafted web content may exfiltrate data cross-origin Description: A validation issue existed in element handling. This issue was addressed through improved validation.

CVE-2017-2480 [MEDIUM] CVE-2017-2480: tvOS 10.2 Apple Security Update: About the security content of tvOS 10.2 Product: tvOS Version: 10.2 CVE: CVE-2017-2480 Component: WebKit Impact: Processing maliciously crafted web content may exfiltrate data cross-origin Description: A validation issue existed in element handling. This issue was addressed through improved validation.

CVE-2017-2480 [MEDIUM] CVE-2017-2480: iOS 10.3 Apple Security Update: About the security content of iOS 10.3 Product: iOS Version: 10.3 CVE: CVE-2017-2480 Component: WebKit Impact: Processing maliciously crafted web content may exfiltrate data cross-origin Description: A validation issue existed in element handling. This issue was addressed through improved validation.

CVE-2017-2480 [MEDIUM] CVE-2017-2480: iTunes 12.6 for Windows Apple Security Update: About the security content of iTunes 12.6 for Windows Product: iTunes 12.6 for Windows CVE: CVE-2017-2480 Component: WebKit Impact: Processing maliciously crafted web content may exfiltrate data cross-origin Description: A validation issue existed in element handling. This issue was addressed through improved validation.

CVE-2017-2480 [MEDIUM] CWE-200 GHSA-f3h5-gcj5-7333: An issue was discovered in certain Apple products An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.

CVE-2017-2480 [MEDIUM] CVE-2017-2480: An issue was discovered in certain Apple products An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.

CVE-2017-2480 Apple WebKit / Safari 10.0.3 (12602.4.8) - Synchronous Page Load Universal Cross-Site Scripting Apple WebKit / Safari 10.0.3 (12602.4.8) - Synchronous Page Load Universal Cross-Site Scripting --- URL scriptURL; URL url; if (protocolIsJavaScript(urlString)) { scriptURL = completeURL(urlString); // completeURL() encodes the URL. url = blankURL(); } else url = completeURL(urlString); if (shouldConvertInvalidURLsToBlank() && !url.isValid()) url = blankURL(); Frame* frame = loadOrRedirectSubframe(ownerElement, url, frameName, lockHistory, lockBackForwardList); script().executeIfJavaScriptURL(scriptURL); script().executeIfJavaScriptURL| called. This can happen by calling |showModalDialog| that enters a message loop that may start pending page loads. Tested on Safari 10.0.3(12602.4.8). PoC: --> click anywhere window.onclick = () => { window.onclick = null; f = document.createEle